Skill Doc Formatter

Security checks across malware telemetry and agentic risk

Overview

This is a local SKILL.md formatter with a disclosed optional security-check helper, and the artifacts do not show hidden execution, exfiltration, persistence, or credential use.

Install only if you want a tool that can both format skill documentation and optionally inspect another skill directory for common ClawHub review issues. Prefer writing formatted output to a separate file before using --inplace, and run --security-check only on directories you intentionally want it to read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill is presented as a documentation formatter, but it also offers a security review mode that scans skill directories and invokes an additional review script. This broader behavior expands trust and execution scope beyond the declared purpose, which can mislead users and reviewers about what the skill does and what files it inspects.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This file implements a full security-review scanner over scripts, metadata, environment variables, persistence behavior, and documentation, which is materially different from the advertised purpose of a SKILL.md formatter. That mismatch is dangerous because it causes the skill to inspect far more of the repository than users would reasonably expect, increasing trust and review risk and potentially enabling collection or inference of sensitive implementation details during use.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script performs broad analysis across Python and shell scripts, _meta.json, README.md, and SKILL.md, despite the skill being presented as a documentation formatter. Even without code execution, this unjustified breadth violates least surprise and least privilege expectations, making the skill more invasive than its stated function and increasing the chance of exposing sensitive project structure or configuration data.

VirusTotal

66/66 vendors flagged this skill as clean.
