Queue

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a local logging/export tool presented as a queue manager, with persistent storage that is not clearly disclosed.

Review this carefully before installing. Treat anything entered into the skill as potentially saved on disk and duplicated by exports. Install only if you are comfortable with it behaving as a local activity logger, not merely a queue manager, and avoid entering secrets or sensitive operational data unless the publisher clarifies storage, deletion, and export behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High (96% confidence)
Finding
The advertised skill is a message-queue manager with priorities, retries, and delivery tracking, but the implementation is a generic personal activity logger. This mismatch can mislead users and upstream agents into supplying operational or sensitive queue data under false assumptions, creating unintended data collection and unsafe automation behavior.

Intent-Code Divergence

Medium (91% confidence)
Finding
The inline branding and help text describe a productivity toolkit rather than the declared queue-management skill, reinforcing a deceptive capability mismatch. In an agent ecosystem, inaccurate documentation can cause other components or users to invoke the tool for the wrong purpose and expose data to unintended storage paths.

Missing User Warnings

Medium (88% confidence)
Finding
User-provided content is appended verbatim to persistent files under ~/.local/share/queue without any upfront notice or consent. In agent workflows, users may provide operational notes, identifiers, or secrets expecting ephemeral handling, so silent retention increases confidentiality and privacy risk.

Missing User Warnings

Medium (86% confidence)
Finding
The export feature aggregates historical logs into new files, multiplying the number of copies of potentially sensitive data without prior warning. This broadens exposure, especially because JSON/CSV/TXT exports are easy to share, back up, or ingest into other tools unintentionally.

VirusTotal

64/64 vendors flagged this skill as clean.
