ClawHub

Paste Rs

Security checks across malware telemetry and agentic risk

Overview

This skill transparently uploads user-selected text to paste.rs and has real public-sharing and local-copy risks, but the behavior is disclosed and aligned with its purpose.

Install only if you are comfortable sending selected text or files to a public paste service. Keep redaction enabled for logs and configs, manually review content before upload, avoid sensitive or proprietary data, and delete the saved local .md file if you do not want a retained copy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly performs file read, file write, and network exfiltration behaviors, but the documentation does not declare permissions or equivalent user-visible capability boundaries. That omission can mislead operators or higher-level tooling about what the skill will access and transmit, increasing the chance that sensitive data is uploaded without informed consent.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill silently writes the full would-be uploaded content to a local file in /tmp before sending it to paste.rs, which creates an additional persistence channel not disclosed in the top-level behavior. If users paste logs, configs, or other sensitive material, the local copy may remain on disk, be readable by other local users/processes depending on system configuration, or be recovered later, undermining expectations of transient handling.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The module description states the tool uploads text and prints the resulting URL, but omits that it first stores the content in a local Markdown file. This mismatch is a security-relevant transparency issue because users may reasonably assume sensitive content is only sent to paste.rs, not also retained on local storage.

Ssd 3

Medium
Confidence
95% confidence
Finding
This skill is specifically designed to publish user-provided content, including logs and config snippets, to a public paste service. Even with default redaction, such material often contains secrets, internal hostnames, tokens in uncommon formats, personal data, or proprietary information that pattern-based masking will miss.

Ssd 3

High
Confidence
98% confidence
Finding
Documenting a `--no-redact` option encourages bypassing the only built-in safeguard before publishing to a public endpoint. That makes accidental disclosure of credentials, tokens, passwords, and other sensitive material substantially more likely, especially when used on logs or config files.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# stdin
some_command | curl -fsS https://paste.rs -d @-

# file
curl -fsS https://paste.rs -d @./file.txt
Confidence
96% confidence
Finding
curl -fsS https://paste.rs -d @- # file curl -fsS https://paste.rs -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal