ClawHub

Niri IPC

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for controlling Niri, but it exposes broad desktop IPC and shell-spawning authority with limited safety scoping.

Install only if you specifically want an agent to have low-level control of your Niri desktop session. Treat raw IPC and spawn-sh as powerful: require explicit approval before closing windows, reloading config, or spawning commands, and avoid using this skill in unattended automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill exposes shell, environment, and IPC/network-like capabilities without any declared permissions or guardrails, which can mislead an agent or reviewer about what the skill is able to do. In this context, the undocumented access matters because the skill can control the active desktop session, inspect window state, and trigger side effects such as spawning processes or closing windows.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose sounds like a bounded helper for common Niri operations, but the file also advertises raw access to $NIRI_SOCKET, arbitrary JSON request submission, batching from stdin, and continuous event streaming. That broader capability effectively grants unrestricted compositor IPC access, which can enable unexpected destructive actions, privacy-sensitive state inspection, or behavior beyond what a user would infer from the summary.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation includes impactful actions like closing windows, reloading configuration, and spawning commands, but gives no warning that these operations can disrupt the session, terminate user work, or execute arbitrary programs. In an agent setting, lack of explicit safety guidance increases the chance that these actions are invoked automatically or without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal