Dataview

Security checks across malware telemetry and agentic risk

Overview

This skill is a local logbook for data-operation notes, not the CSV/JSON explorer its headline description suggests.

Install only if you want a local tracker for data-operation notes. Do not paste secrets, credentials, private dataset contents, or sensitive file paths into it unless you are comfortable with them being saved under ~/.local/share/dataview; treat the CSV/JSON exploration claim as overstated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The manifest advertises a data exploration/querying skill, while the body describes recording arbitrary entries, maintaining history, searching stored logs, and exporting accumulated records. In an agent setting, this can cause unintentional retention and secondary disclosure of sensitive data, since the skill's actual data flow is materially different from what the user is led to expect.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The top-level description claims CSV/JSON exploration, but the detailed documentation immediately shifts to ingesting, recording, and managing logged entries. This inconsistency increases the chance of misuse by agents and users, especially in environments where skills are trusted based on metadata and may be granted access to sensitive inputs under false assumptions.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The implementation does not perform the advertised CSV/JSON exploration tasks and instead captures arbitrary user input into local logs. This deceptive mismatch is dangerous because users may provide file paths, queries, credentials, or sensitive data believing the tool will process files, while the tool silently persists that input for later exposure.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The dispatch logic for `export` is inconsistent: one `export` case only logs the provided arguments rather than invoking the export routine, making the skill's behavior misleading and causing unexpected persistence of user input. In a data-inspection context, that increases risk because users may enter sensitive export parameters or content that gets stored instead of processed.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The `_log` function creates a persistent activity history unrelated to the stated purpose of exploring CSV/JSON files. Because this history records user-provided values and is later surfaced via status/recent/export operations, it broadens data exposure beyond what a user would reasonably expect from this skill.

Missing User Warnings

Medium
Confidence: 98%
Finding
These command handlers append raw user input to log files without warning, consent, or redaction. In practice, users often paste queries, paths, tokens, dataset snippets, or other sensitive values into such tools, so persistent plaintext storage creates a realistic confidentiality risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The export routine collects all previously logged content and writes it into new files, potentially propagating sensitive historical inputs into additional artifacts. Without clear notice, users may not realize exports include prior stored data rather than just the current requested dataset, increasing accidental disclosure risk.

Ssd 3

Medium
Confidence: 97%
Finding
The tool is designed to persist user inputs in plaintext log files and expose them again through status, recent activity, search, and export flows. In the context of a supposed data exploration utility, this creates an unjustified secondary data store that can leak user-provided content well beyond the original interaction.

Ssd 3

Medium
Confidence: 96%
Finding
By aggregating all historical log entries into reusable export files, the script turns transient inputs into portable datasets that are easier to copy, share, or exfiltrate. This materially increases the blast radius of any sensitive content previously entered into the tool.

Ssd 3

Medium
Confidence: 98%
Finding
Across many command handlers, the script stores user arguments verbatim and echoes them back to the console, which can reveal sensitive content both at rest and on screen. Given the mismatch between the claimed file-analysis purpose and the actual behavior, users are more likely to disclose data they did not intend to be retained or replayed.

VirusTotal

64/64 vendors flagged this skill as clean.
