SynthClaw

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be what it describes itself as, a Blender rendering and analysis tool, but users should run it only on trusted Blender files and write output only to paths they are prepared to have overwritten.

Install only if you are comfortable letting the agent start local Blender jobs and write rendered files to paths it is given. Use trusted .blend and reference image files, avoid sensitive output locations, and run the skill in a container or other isolated environment when processing files from third parties.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
]

    try:
        result = subprocess.run(command, capture_output=True, text=True, check=True)
        # Parse output between markers
        output = result.stdout
        if "---ANALYSIS_START---" in output and "---ANALYSIS_END---" in output:
Confidence
90% confidence
Finding
result = subprocess.run(command, capture_output=True, text=True, check=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
] + param_args

    try:
        result = subprocess.run(
            command, 
            capture_output=True, 
            text=True,
Confidence
95% confidence
Finding
result = subprocess.run( command, capture_output=True, text=True, check=True, timeout=timeout, env=env )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
]
    
    try:
        result = subprocess.run(
            command,
            capture_output=True,
            text=True,
Confidence
93% confidence
Finding
result = subprocess.run(
    command,
    capture_output=True,
    text=True,
    check=True,
    timeout=60  # 1 minute timeout for analysis
)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no permissions even though it invokes shell-capable tooling and depends on environment state such as PATH. This can mislead users and policy systems about the actual execution surface, reducing informed consent and weakening sandboxing or review controls for a skill that launches Blender and associated scripts.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The documented purpose focuses on rendering, but the skill also analyzes .blend contents and can compute similarity/naturalness metrics against a supplied reference image using external libraries. That broader behavior expands data access and processing beyond user expectations, which can expose file contents or sensitive image data to additional code paths and dependencies not clearly disclosed.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The schema defines a tool that performs headless analysis of Blender files and returns judgments about mathematical complexity and realism, which expands the skill beyond its stated render-focused purpose. This kind of scope drift can enable unintended file inspection and subjective evaluation behavior that operators may not expect, increasing the chance of unsafe automation decisions or misuse of untrusted .blend inputs.

Missing User Warnings

Low
Confidence
72% confidence
Finding
The skill accepts an arbitrary output_path and writes rendered files there, but the description does not warn that existing files may be overwritten. In an agent setting, this can cause accidental data loss or unintended modification of user files if paths are chosen incorrectly or maliciously prompted.
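The three subprocess findings above and this output_path finding describe the same launch pattern from two sides: the skill builds a command list from caller-supplied paths, starts Blender with the agent's full environment, and writes wherever it is told. The block below is an added example of how a skill author would harden that pattern; it is not SynthClaw's code and nothing in it was taken from the skill beyond the ---ANALYSIS_START--- / ---ANALYSIS_END--- markers visible in the excerpt. The Blender binary location, the allowed root directory, the permitted output extensions and the pinned PATH are assumptions; the demo() function builds a throwaway directory so the checks can be exercised without starting Blender.

```python
"""Hardened launch pattern for an agent skill that runs Blender.

Added example, not SynthClaw's own code. Assumptions: a single allowed
root directory for inputs and outputs, a fixed set of image suffixes,
a pinned PATH, and Blender's -b / -o / -f command-line flags.
"""
import os
import subprocess
import tempfile
from pathlib import Path

START_MARK = "---ANALYSIS_START---"   # markers seen in the scanned excerpt
END_MARK = "---ANALYSIS_END---"
ALLOWED_OUTPUT_SUFFIXES = {".png", ".jpg", ".exr"}   # assumption


def resolve_within(path, root):
    """Resolve `path` (following symlinks) and require it to stay under `root`.

    A relative path is taken relative to root; an absolute path is used as given.
    Either way the resolved result must be root itself or a descendant of it,
    which rejects '..' traversal and symlink escapes alike.
    """
    root = Path(root).resolve()
    resolved = (root / path).resolve()
    if resolved != root and root not in resolved.parents:
        raise ValueError(f"path escapes allowed root: {path}")
    return resolved


def check_blend_input(path, root):
    """Accept only an existing .blend file inside the allowed root."""
    blend = resolve_within(path, root)
    if blend.suffix.lower() != ".blend" or not blend.is_file():
        raise ValueError(f"not a .blend file under the allowed root: {path}")
    return blend


def reserve_output(path, root, overwrite=False):
    """Claim the output path atomically so an existing file is never clobbered silently.

    O_EXCL makes the create fail with FileExistsError if the file already
    exists; the caller must opt in explicitly with overwrite=True.
    """
    out = resolve_within(path, root)
    if out.suffix.lower() not in ALLOWED_OUTPUT_SUFFIXES:
        raise ValueError(f"unexpected output type: {out.suffix}")
    flags = os.O_WRONLY | os.O_CREAT | (0 if overwrite else os.O_EXCL)
    fd = os.open(out, flags, 0o644)
    os.close(fd)
    return out


def minimal_env():
    """Give Blender only what it needs instead of the agent's whole environment."""
    return {
        "PATH": "/usr/local/bin:/usr/bin:/bin",   # pinned, not inherited (assumption)
        "HOME": tempfile.gettempdir(),
        "LANG": "C.UTF-8",
    }


def build_render_command(blender, blend, output, frame=1):
    """Argument list, never a shell string: -b background, -o output, -f frame."""
    return [str(blender), "-b", str(blend), "-o", str(output), "-f", str(frame)]


def parse_marked_output(stdout):
    """Return only the text between the markers, or None if either is missing."""
    start = stdout.find(START_MARK)
    end = stdout.find(END_MARK, start + len(START_MARK)) if start != -1 else -1
    if start == -1 or end == -1:
        return None
    return stdout[start + len(START_MARK):end].strip()


def run_render(command, env, timeout=300):
    """Run with a timeout and without shell=True; a timeout is reported, not raised."""
    try:
        proc = subprocess.run(command, capture_output=True, text=True,
                              env=env, timeout=timeout, check=False)
    except subprocess.TimeoutExpired:
        return {"ok": False, "error": f"timed out after {timeout}s"}
    return {"ok": proc.returncode == 0, "returncode": proc.returncode,
            "analysis": parse_marked_output(proc.stdout),
            "stderr": proc.stderr[-2000:]}


def demo():
    """Exercise the checks on a constructed layout; no Blender process is started."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "scene.blend").write_bytes(b"BLENDER-v")   # constructed stand-in file
        blender = root / "blender"                          # hypothetical binary location
        blend = check_blend_input("scene.blend", root)
        out = reserve_output("render.png", root)
        results["blender"] = str(blender)
        results["command"] = build_render_command(blender, blend, out)
        try:
            reserve_output("render.png", root)             # second claim must fail
            results["second_reserve_failed"] = False
        except FileExistsError:
            results["second_reserve_failed"] = True
        try:
            check_blend_input("../../etc/passwd", root)    # traversal must be rejected
            results["escape_rejected"] = False
        except ValueError:
            results["escape_rejected"] = True
        results["env"] = minimal_env()
    return results


if __name__ == "__main__":
    print(demo())
```

The two decisions that matter most for the findings on this page are the O_EXCL reservation (the agent cannot be talked into overwriting a user's file by supplying an existing path) and the explicit env dict (Blender and any Python it runs see a pinned PATH rather than whatever tokens the agent process inherited).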

VirusTotal

64/64 vendors flagged this skill as clean.
