Nm Conserve Mcp Code Execution

Security checks across malware telemetry and agentic risk

Overview

This markdown-only orchestration skill is not malicious, but it can route MCP/subagent workflows and persist workflow context without clear privacy or scoping guardrails.

Install only if you want an agent to actively optimize and route MCP/code-execution workflows. Before using it on private code, credentials, customer data, or proprietary datasets, require explicit activation, disable or tightly control external storage and debug context snapshots, and ensure any workflow data passed to validation or subagents is minimized and redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers (Medium, 94% confidence)

Finding
The skill defines broad automatic activation keywords such as "code execution", "MCP", and "tool chain", which can match many ordinary conversations and cause the orchestration hub to activate unintentionally. In a security-sensitive agent environment, unintended activation can change tool-selection behavior, increase exposure to MCP servers or submodules, and create unnecessary opportunities for prompt-injection or unsafe workflow routing.

Missing User Warnings (Medium, 92% confidence)

Finding
The document explicitly recommends storing intermediate subagent results externally but provides no guidance on data classification, minimization, encryption, retention, or user consent. In a code-execution/MCP coordination context, intermediate results may contain source code, credentials, prompts, or dataset contents, so this pattern can cause unintended persistence or disclosure of sensitive data.

Missing User Warnings (Medium, 95% confidence)

Finding
The emergency overflow handler instructs the system to store the current state externally during failure conditions, which is especially risky because error states often include raw task context, partial outputs, or sensitive in-memory data. Capturing and persisting this state without safeguards or warning increases the chance of leaking secrets, proprietary data, or personal information during exceptional paths that are often less controlled.

Missing User Warnings (Medium, 97% confidence)

Finding
The debug logging example records a full context snapshot in structured logs without any privacy or security guardrails. In an MCP orchestration system, context may include tool inputs/outputs, tokens, code, file contents, or credentials, so logging snapshots can create a durable secondary copy of highly sensitive material accessible to operators or other systems.

Vague Triggers (Medium, 91% confidence)

Finding
The module advertises automatic activation on very broad keywords such as "pattern," "transform," and especially "code execution," which can cause the skill to trigger in contexts where it was not explicitly intended. In a code-execution routing skill, unintended invocation is more dangerous because it can steer workflows toward higher-risk execution paths or bypass safer, more transparent tool usage.

Vague Triggers (Medium, 88% confidence)

Finding
The module defines broad automatic trigger keywords such as "subagent," "decompose," and "break down," which are common terms that may appear in many unrelated user requests. In a skill that can route workflows through MCP servers and spawn subagents, overly broad triggers increase the chance of unintended activation, causing unnecessary delegation, expanded tool access, and avoidable execution of data-heavy workflows.

Vague Triggers (Medium, 94% confidence)

Finding
The module auto-triggers on very generic terms like "validate", "check", and "monitor", which are common in ordinary user requests and can cause the skill to activate unintentionally. In this context, unintended activation is more concerning because the module is tied to MCP workflow monitoring and can influence execution decisions or pull workflow data into validation paths the user did not explicitly request.

Missing User Warnings (Medium, 89% confidence)

Finding
The module states it receives workflow data for validation but does not disclose what data may be processed, whether sensitive content is included, or what privacy boundaries apply. In a data-heavy MCP execution skill, this increases the chance that users or upstream components route sensitive workflow contents into validation without informed consent, minimization, or sanitization.

VirusTotal

65/65 vendors flagged this skill as clean.