Filesystem MCP Server

Security checks across malware telemetry and agentic risk

Overview

This is a coherent filesystem-access setup guide, but users should configure it narrowly because it can let agents read, write, move, and delete files in allowed folders.

Install only if you need an agent to work with local files. Use the smallest specific folders possible, prefer read-only mode unless writing is required, avoid credential or whole-home directories, review destructive actions before approving them, and consider pinning or verifying the upstream npm package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 82% confidence

Finding: The skill is described so broadly that an agent may invoke filesystem access for many ordinary file-related requests, including tasks that involve reading, modifying, moving, or deleting local data. In a system where tool selection is automatic, over-broad routing guidance increases the chance of unnecessary exposure to sensitive files or accidental destructive actions, especially because this skill includes write, move, and delete capabilities.

Missing User Warnings

Medium, 87% confidence

Finding: The documentation presents destructive capabilities such as write, move, edit, and delete with minimal user-safety warnings, and only mentions confirmation for large-file deletion. In an agentic context, this can normalize unsafe execution of destructive file operations without sufficient confirmation, rollback guidance, or least-privilege defaults, increasing the risk of data loss or unauthorized modification.

VirusTotal

64/64 vendors flagged this skill as clean.