Compliance

Security checks across malware telemetry and agentic risk

Overview

This skill is a local compliance note logger: it appends whatever the user enters to local files and shows no network, destructive, or privileged behavior.

Install it only if you want a simple local audit log. Treat it as record keeping, not as a tool that actually hashes, verifies, rotates, stores, or retrieves secrets. Do not enter real passwords, API keys, tokens, personal data, or sensitive compliance evidence unless you are comfortable with that text being saved in plaintext under ~/.local/share/compliance and included in exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92%
Finding
The skill presents itself as a compliance and audit-trail tool, but several of its commands are named for security-sensitive operations (key generation, strength checking, rotation, hashing, verification, revocation, storage, and retrieval) while the documentation describes only generic logging behavior. The mismatch can mislead users or downstream agents into believing real security controls are being performed when the tool merely records text, creating a false sense of compliance and potentially leading to unsafe operational decisions.

Description-Behavior Mismatch

Medium
Confidence
91%
Finding
The script markets itself as a compliance/security tool, but its core commands are generic append-only loggers, including those named after secret-management or cryptographic actions (generate, rotate, hash, verify, revoke, store, and retrieve). This mismatch can lead users to enter sensitive material on the assumption that it is handled securely, when the tool merely writes the raw input to plaintext files in a user directory.

Context-Inappropriate Capability

Medium
Confidence
94%
Finding
The exposed commands imply password, secret, key, or token handling even though the skill is described as a compliance reporting utility. In this context, users may enter credentials or other regulated data into commands like store, retrieve, hash, verify, rotate, or generate, and the script persists that input verbatim to local logs, creating clear confidentiality and compliance risks.
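A check a reviewer can run against a skill's source to surface this kind of mismatch, added here as an example and not part of the SkillSpector scanner or the Compliance skill: it parses a Python skill, picks out handlers whose names promise secret or cryptographic work, and flags those whose bodies never call a security library but do write to a file. The sample skill source, the cmd_ naming convention, and the list of security modules are constructed assumptions.

```python
import ast

# Command names the report lists as implying real security work.
SENSITIVE_COMMANDS = {"generate", "rotate", "hash", "verify", "revoke", "store", "retrieve"}
# Modules whose use would show the handler actually does that work (assumed list).
SECURITY_MODULES = {"hashlib", "hmac", "secrets", "keyring", "cryptography", "nacl", "bcrypt", "argon2"}

# Constructed sample skill: every handler appends to a log; only cmd_verify
# touches a real hashing API. Invented for this example, not the skill's code.
SAMPLE_SKILL = r'''
import hashlib
import os

LOG = os.path.expanduser("~/.local/share/compliance/audit.log")

def cmd_note(text):
    with open(LOG, "a") as f:
        f.write("note: " + text + "\n")

def cmd_hash(text):
    # Named "hash" but never hashes: the plaintext input is what gets stored.
    with open(LOG, "a") as f:
        f.write("hash: " + text + "\n")

def cmd_store(name, value):
    with open(LOG, "a") as f:
        f.write("store " + name + "=" + value + "\n")

def cmd_verify(text):
    digest = hashlib.sha256(text.encode()).hexdigest()
    with open(LOG, "a") as f:
        f.write("verify: " + digest + "\n")
'''


def _call_roots(func_node):
    """Root names of every call in a function body: 'hashlib' for
    hashlib.sha256(...).hexdigest(), 'open' for open(path, "a")."""
    roots = set()
    for node in ast.walk(func_node):
        if not isinstance(node, ast.Call):
            continue
        target = node.func
        while isinstance(target, ast.Attribute):
            target = target.value
        if isinstance(target, ast.Name):
            roots.add(target.id)
    return roots


def find_mismatches(source, prefix="cmd_"):
    """Map each sensitive-sounding command whose handler only writes files
    (and never calls a security module) to a short reason."""
    tree = ast.parse(source)
    mismatches = {}
    for node in tree.body:
        if not isinstance(node, ast.FunctionDef) or not node.name.startswith(prefix):
            continue
        command = node.name[len(prefix):]
        if command not in SENSITIVE_COMMANDS:
            continue
        roots = _call_roots(node)
        if roots & SECURITY_MODULES:
            continue  # the handler at least calls a real security API
        if "open" in roots:
            mismatches[command] = "name implies %s, body only appends input to a file" % command
    return mismatches


if __name__ == "__main__":
    for command, reason in sorted(find_mismatches(SAMPLE_SKILL).items()):
        print("%s: %s" % (command, reason))
```

On the constructed sample this reports hash and store; verify is left alone because its body reaches hashlib. The heuristic is deliberately coarse (a handler could call a security module and still log the plaintext), so treat a hit as a reason to read the handler, not as proof by itself.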

Missing User Warnings

Medium
Confidence
95%
Finding
The skill explicitly stores all entries locally in persistent log files and encourages recording audit findings, credential rotations, policy changes, and data operations, but it does not warn users against placing secrets, internal system names, or sensitive compliance evidence in those logs. In a compliance context, such records are especially likely to contain regulated or operationally sensitive data, so silent persistence raises the risk of local disclosure, over-collection, and accidental export.

Missing User Warnings

Medium
Confidence
98%
Finding
User-supplied input is accepted from command-line arguments and written directly to persistent local log files without warning, redaction, or protection. Because the command names suggest sensitive workflows, there is a substantial risk that secrets, regulated data, or internal audit content will be exposed to other local users, backups, shell history, or later exports.
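The two findings above come down to the same gap: raw input lands in a persistent file with no redaction and no check on who can read it. An audit of such a log before it is kept or exported, added here as an example rather than anything the skill ships: it checks the file's permission bits, classifies each entry with a few credential-shaped patterns plus an entropy heuristic, and produces a redacted copy. The log lines, the temp-file location standing in for ~/.local/share/compliance, the patterns and the entropy threshold are constructed assumptions.

```python
import math
import os
import re
import stat
import tempfile

# Constructed sample log in the shape the report describes: command-line input
# appended verbatim, one entry per line. These lines are invented.
SAMPLE_LOG_LINES = [
    "2024-05-01T10:00:00Z note: quarterly access review completed",
    "2024-05-01T10:05:00Z rotate: db password=Hunter2!2024",
    "2024-05-01T10:06:00Z store: api_key=AKIAIOSFODNN7EXAMPLE",
    "2024-05-01T10:07:00Z verify: backup job exit code 0",
    "2024-05-01T10:08:00Z retrieve: rotated bearer credential Zx9Qm2Lp7Vt4Kb8Nw3Rf6Jy1Hs5Gd0Ce",
]

# Credential-shaped patterns and their redactions (assumed detectors, not the skill's).
SECRET_PATTERNS = {
    "aws_access_key": (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED:aws_access_key]"),
    "github_token": (re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"), "[REDACTED:github_token]"),
    "private_key": (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"), "[REDACTED:private_key]"),
    "assignment": (re.compile(r"(?i)\b(password|passwd|secret|token|api[_-]?key)(\s*[=:]\s*)\S+"),
                   r"\1\2[REDACTED]"),
}
# Long base64-ish runs with high entropy catch random keys the regexes miss.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{24,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed cut-off for this example


def shannon_entropy(text):
    """Bits of entropy per character of text."""
    n = len(text)
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_entry(line):
    """Names of the detectors that consider this log line sensitive (empty if clean)."""
    reasons = [name for name, (rx, _) in SECRET_PATTERNS.items() if rx.search(line)]
    if any(shannon_entropy(tok) > ENTROPY_THRESHOLD for tok in TOKEN_RE.findall(line)):
        reasons.append("high_entropy_token")
    return reasons


def redact_entry(line):
    """Copy of line with credential-shaped material replaced, safe to export."""
    for rx, replacement in SECRET_PATTERNS.values():
        line = rx.sub(replacement, line)
    return TOKEN_RE.sub(
        lambda m: "[REDACTED:high_entropy]" if shannon_entropy(m.group(0)) > ENTROPY_THRESHOLD else m.group(0),
        line,
    )


def is_private(path):
    """True when the file grants no group or world permission bits."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def audit_log(path):
    """Permission check plus per-line classification and a redacted copy of the log."""
    with open(path, encoding="utf-8") as fh:
        lines = [ln.rstrip("\n") for ln in fh]
    flagged = {}
    for number, line in enumerate(lines, start=1):
        reasons = classify_entry(line)
        if reasons:
            flagged[number] = reasons
    return {"private": is_private(path),
            "flagged": flagged,
            "redacted": [redact_entry(ln) for ln in lines]}


def write_sample_log(world_readable=True):
    """Write SAMPLE_LOG_LINES to a temp file the way a naive logger would (mode 0644)."""
    path = os.path.join(tempfile.mkdtemp(), "audit.log")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(SAMPLE_LOG_LINES) + "\n")
    os.chmod(path, 0o644 if world_readable else 0o600)
    return path


if __name__ == "__main__":
    report = audit_log(write_sample_log())
    print("private:", report["private"])
    for number, reasons in report["flagged"].items():
        print("line %d: %s" % (number, ", ".join(reasons)))
    for line in report["redacted"]:
        print(line)
```

On the sample, the 0644 file fails the permission check and lines 2, 3 and 5 are flagged (a password assignment, an AWS-style access key, and a 32-character random token that no regex names). Export the redacted list, not the raw file, and set the log to 0600 before anything else reads it.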

VirusTotal

66/66 vendors flagged this skill as clean.
