Elite CLI Tools

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only CLI reference skill. Its shell examples are powerful, but they are disclosed in full: the skill contains no hidden execution and does not collect or transmit data.

Install this only if you want the agent to prefer these CLI tools during shell work. Ask for previews, exact target paths, and diffs before allowing deletion, in-place edits, project-wide rewrites, config changes, global Git configuration changes, or outbound curl commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The skill is described as local shell/file tooling, but the documentation includes examples that fetch or operate on remote network resources. That broader capability can mislead an agent into making outbound requests not justified by the declared scope, increasing data exposure and policy-bypass risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
Examples such as fetching from GitHub or arbitrary APIs introduce network-capable behavior into a skill framed as efficient local shell/file operations. In an agent setting, this can normalize external communications and create opportunities for unreviewed data exfiltration or retrieval of untrusted remote content.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The example shows recursive deletion via `fdfind ... -X rm` without any warning, dry-run guidance, or safer variant. In an agent or copy-paste context, destructive commands can cause unintended data loss, especially when patterns are broadened or run from the wrong directory.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The in-place `sd` modification example overwrites files directly and is presented without caution. Users or agents may apply it broadly and irreversibly, leading to source corruption or accidental mass edits if the pattern is incorrect.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The ast-grep rewrite example performs automated in-place source transformation across a directory with no warning about review, scope, or rollback. Bulk code rewrites can silently alter many files and introduce defects or break builds if the pattern is too broad.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
Multiple `yq -i` examples directly overwrite configuration files without warning. Configuration changes can disrupt services, alter security settings, or corrupt important environment-specific files when executed by an agent or copied blindly.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The integration workflow escalates from search to project-wide in-place rewrite in `src/` with no warning or guardrails. In agent use, such examples can encourage broad unattended modifications that are hard to audit and may damage large codebases.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The config-management workflow includes an in-place version update without caution, making destructive overwrite behavior appear routine. For configuration files, even simple changes can break compatibility or deployment behavior if run in the wrong environment.
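Every "Missing User Warnings" finding above, and the guidance in the Overview, reduces to one discipline: preview, confirm the exact target path, inspect a diff, and only then apply. The script below is an added example, not part of the Elite CLI Tools skill or the SkillSpector report, that implements that gate. It uses find and sed so it runs without fd, sd, yq or ast-grep installed; the equivalent invocations of those tools are noted in comments. The APPLY=1 convention, the function names and the sample tree are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the Elite CLI Tools skill or the SkillSpector
# report: a preview-then-apply gate for the destructive patterns the findings
# describe. fd/sd/yq/ast-grep are not required; the workflow is shown with
# find and sed so it runs anywhere. Their equivalent invocations are in comments.
set -eu

# Every mutating step is gated on APPLY=1 (an assumed convention for this
# example). Anything else is a dry run that only prints what would happen.
apply_enabled() { [ "${APPLY:-0}" = 1 ]; }

# Stage 1: recursive delete. The root must be an absolute, existing directory,
# so a broad pattern cannot quietly run against the wrong working directory.
#   fd equivalent:  fd -e log . /abs/root           # preview: list matches only
#                   fd -e log . /abs/root -X rm     # apply: batch delete
preview_delete() {
  local root="$1" ext="$2"
  case "$root" in
    /*) ;;
    *) echo "refusing relative root '$root'; pass an absolute path" >&2; return 2 ;;
  esac
  [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }
  find "$root" -type f -name "*.$ext"
}

# Deletes what preview_delete listed and prints the count, but only when
# APPLY=1; the target is re-validated first so a bad root still fails closed.
apply_delete() {
  local root="$1" ext="$2" n
  apply_enabled || { echo "dry run: set APPLY=1 to delete" >&2; return 1; }
  preview_delete "$root" "$ext" > /dev/null || return $?
  n=$(( $(find "$root" -type f -name "*.$ext" | wc -l) ))
  find "$root" -type f -name "*.$ext" -exec rm -- {} +
  echo "$n"
}

# Stage 2: in-place rewrite. Render the result into a temp copy, show a unified
# diff, and overwrite the original (keeping a .bak rollback copy) only when
# APPLY=1. Exit status 0 means the file would change, 1 means the pattern matched
# nothing, so a mistyped pattern is visible instead of a silent no-op.
# from/to are a sed regex and replacement; keep '/' out of them in this demo.
#   sd equivalent:        sd -p 'old' 'new' file               # preview to stdout
#                         sd 'old' 'new' file                  # in place
#   yq equivalent:        yq '.version = "2.0"' cfg.yaml       # stdout only
#                         yq -i '.version = "2.0"' cfg.yaml    # in place
#   ast-grep equivalent:  sg run -p 'console.log($A)' -r 'logger.info($A)' src/     # diff only
#                         sg run -p 'console.log($A)' -r 'logger.info($A)' -U src/  # rewrite all
preview_rewrite() {
  local file="$1" from="$2" to="$3" tmp changed=0
  tmp="$(mktemp)"
  sed "s/${from}/${to}/g" "$file" > "$tmp"
  if ! cmp -s "$file" "$tmp"; then
    changed=1
    diff -u "$file" "$tmp" || true      # diff exits 1 whenever files differ
  fi
  if [ "$changed" = 1 ] && apply_enabled; then
    cp -p "$file" "$file.bak"           # rollback point
    cp "$tmp" "$file"                   # overwrite contents; keeps mode and inode
  fi
  rm -f "$tmp"
  [ "$changed" = 1 ]
}

# Constructed sample tree for the demo and tests (not real project data).
make_sample() {
  local d
  d="$(mktemp -d)"
  mkdir -p "$d/src" "$d/logs"
  printf 'debug line\n' > "$d/logs/a.log"
  printf 'debug line\n' > "$d/logs/b.log"
  printf 'console.log("hi");\nconsole.log("bye");\n' > "$d/src/app.js"
  printf 'version: "1.0"\n' > "$d/config.yaml"
  echo "$d"
}

# Dry-run demo: prints what would be deleted and the diff a rewrite would make;
# nothing is modified unless APPLY=1 is exported before running.
demo_dir="$(make_sample)"
echo "== files a recursive delete would remove:"
preview_delete "$demo_dir/logs" log
echo "== diff an in-place rewrite would produce:"
preview_rewrite "$demo_dir/src/app.js" 'console\.log' 'logger.info' || true
rm -rf "$demo_dir"
```

Run it as-is for the dry-run demo; export APPLY=1 to make the same calls destructive. The same discipline maps directly onto the tools named in the findings: run fd without -X, sd with -p, yq without -i and ast-grep without -U first, commit or copy the tree, then apply.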

VirusTotal

66/66 vendors reported this skill as clean (no detections).
