mitools-desensitize

Security checks across malware telemetry and agentic risk

Overview

This privacy-focused skill appears useful, but it can save a reversible mapping of sensitive original data to disk without clear warning or opt-in controls.

Install only if you need reversible masking and can protect the generated mapping files like secrets. Avoid committing, sharing, backing up, or leaving those mapping files in shared workspaces, and prefer a non-reversible masking mode if you do not need restoration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The file mode always writes a .mapping.json file containing original sensitive values and their reversible substitutes. If that mapping file is exposed, copied, backed up, or left in a shared workspace, the supposedly desensitized data can be fully re-identified, defeating the privacy protection goal.

Description-Behavior Mismatch

High
Confidence: 93%
Finding
This tool explicitly restores previously desensitized data using a supplied mapping table, which directly undermines the stated purpose of a desensitization skill. If an agent or user can access both redacted text and the mapping JSON, sensitive data can be fully re-identified, creating a clear confidentiality risk and enabling accidental or unauthorized disclosure.

Missing User Warnings

Medium
Confidence: 88%
Finding
The file desensitization workflow does not warn users that configuration or mapping data may be written to disk. For a privacy-oriented tool, silently persisting mappings can undermine the security goal because those mappings may enable re-identification or restoration of original sensitive data.

Missing User Warnings

Medium
Confidence: 95%
Finding
The tool writes mapping data that contains original sensitive identifiers to disk without any explicit warning, consent checkpoint, or secure-handling guidance. This increases the chance that users will unknowingly create a high-value privacy artifact and mishandle it in logs, repos, shared folders, or backups.

VirusTotal

66/66 vendors flagged this skill as clean.
