Passport

Security checks across malware telemetry and agentic risk

Overview

This skill is framed as a passport validation tool, but the artifacts mainly implement local logging, search, and export of potentially sensitive identity data.

Review carefully before installing. Do not enter real passport numbers, dates of birth, names, or identity-document details unless you intentionally want that information stored locally in plaintext and potentially exported. Treat the advertised validation capability as unsupported by the reviewed script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill is presented as a passport/identity-document validation utility, but the documented behavior includes broad persistent logging, search, export, history, and generic record-management features unrelated to narrow document validation. In the context of passport and identity data, this mismatch is dangerous because users may submit highly sensitive PII expecting simple validation, while the tool appears designed to retain and repurpose that data.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The documented implementation behaves like a generic local data collection and management CLI rather than a focused passport-validation skill. That discrepancy increases the risk of overcollection and misuse of sensitive identity records because operators may trust the declared purpose and not realize inputs are being retained, indexed, and exported.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The advertised functionality is passport or identity-document validation/formatting, but the exposed commands are a generic logging toolkit that stores arbitrary inputs and offers unrelated operational features. This mismatch is dangerous because users may submit sensitive identity data believing it will be validated locally and minimally, when in reality it is retained and managed as generic records, increasing privacy and compliance risk.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script includes export, search, recent-history, and statistics features over stored inputs, which are unjustified for a passport-validation utility handling highly sensitive personal data. These capabilities materially increase exposure by making bulk retrieval, indexing, and casual browsing of identity-related records easier after collection.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The operational commands do not validate, format, lint, convert, or otherwise process passport data; they simply append raw user input to log files under action-themed filenames. In context, this is dangerous because users are likely to paste passport numbers or identity details into commands that silently persist them, creating an unnecessary repository of sensitive data without delivering the promised function.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Automatic history and activity logging for passport or identity-document processing creates a substantial privacy and security risk because such logs may contain names, document numbers, dates of birth, or other regulated PII. The danger is amplified by the lack of a prominent warning or informed consent mechanism before retention begins.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script creates a persistent data directory and writes all submitted content and activity history to it without any explicit warning, consent prompt, or privacy notice. Because the skill context involves passports and identity documents, silent local retention is especially risky: sensitive PII may remain on disk longer than users expect and be exposed to other local users, backups, or forensic recovery.

Ssd 3

Medium
Confidence
95% confidence
Finding
A natural-language instruction indicating that all user and document activity will be logged locally is a real security concern when the workflow handles identity documents. Even local-only retention materially increases exposure to endpoint compromise, accidental disclosure, backup leakage, and unauthorized reuse of sensitive records.

Ssd 3

High
Confidence
97% confidence
Finding
Stating that every action is logged and can be exported creates a straightforward data leakage path for passport-related information. Export functionality makes accumulation risk worse by enabling bulk extraction of retained sensitive records into portable plaintext formats such as CSV or TXT.

VirusTotal

66/66 vendors flagged this skill as clean.
