Skill Router BZai

Security checks across malware telemetry and agentic risk

Overview

This skill is a useful skill picker, but it can search, install, and run other skills with an unclear consent boundary.

Install only if you intentionally want an agent-level skill router. Require explicit approval before any ClawHub search using sensitive task details, any `clawhub install`, and any execution of a selected skill; manually review recommended skills because this package’s security scoring is not a complete audit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill declares no permissions while its documented workflow and referenced scripts imply shell execution, local skill enumeration, installs, and likely file reads/writes for history or metrics. This under-declaration is dangerous because it prevents informed consent and weakens sandboxing or policy enforcement, especially for a router that can invoke other skills and install remote content.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding
The skill claims to recommend skills, but the detected behavior also includes persisting historical usage data and downloading external skills for inspection. That mismatch is risky because users and policy systems may authorize a low-risk selector while the skill actually performs additional stateful and supply-chain relevant actions, increasing exposure to privacy leakage and malicious package retrieval.

Missing User Warnings

Low
Confidence: 85%
Finding
The script sends user-supplied search terms to an external service via the `clawhub` CLI without any user-facing disclosure or consent mechanism. In a skill-selection context, queries may contain sensitive task descriptions, internal project names, or other metadata, so silent network transmission creates a privacy and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.