Antom Reconciliation Expert

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed reconciliation helper that reads local settlement reports and fetches reference material from a hardcoded CDN, with user-confirmed update guidance but no automatic updating or credential use.

Install only if you are comfortable with the skill making outbound HTTPS requests to the documented Antom/Marmot CDN for reconciliation rules and knowledge. Treat any update prompt as a trust decision: review the command and repository before running it, especially if it would run git pull or replace the skill directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill metadata says it parses only local settlement detail files, but this module performs outbound network requests to a remote CDN and exposes repository metadata. That expands the trust boundary beyond local file parsing and creates a supply-chain/integrity risk: remote content can influence skill behavior or responses, and the feature contradicts the declared scope users may rely on.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The version-check and update-discovery logic introduces an unnecessary external dependency and metadata retrieval unrelated to parsing local reconciliation reports. Even without auto-updating, remote manifests can shape agent messaging and operational decisions, enabling misleading prompts, availability issues, or future abuse if the CDN or upstream content is compromised.

VirusTotal

65/65 vendors flagged this skill as clean.
