ClawHub

Readme Maker

Security checks across malware telemetry and agentic risk

Overview

This skill is a local README-themed CLI, but its main implemented behavior is saving, searching, and exporting raw user inputs rather than actually generating or validating READMEs.

Install only if you want a local activity logger for README-related notes, not a real README generator or validator. Do not pass secrets, unreleased business details, tokens, or private repository text unless you are comfortable with that text being stored under ~/.local/share/readme-maker and later searchable or exportable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The implemented behavior does not match the advertised README-generation purpose; instead, the script stores arbitrary user inputs across many commands and maintains a local activity archive. In an agent-skill context, this kind of capability mismatch is dangerous because users may supply sensitive prompts or content expecting README processing, while the tool silently persists that data for later viewing or export.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script creates a generic local telemetry system with history, search, export, stats, and status features that are not necessary for README design. Unnecessary data collection and discovery features expand the attack surface and make accidental retention or later exposure of sensitive user-provided content more likely.

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The branding and header present the script as a README-making tool, but the code acts as a generic logger. Misleading presentation matters in a security review because it can cause operators and users to trust the tool with inputs they would not provide if they knew it was primarily storing and surfacing activity data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly documents persistent local logging and file export behavior but does not warn users, at the point of use, that their inputs and activity will be stored. In a README/documentation workflow, users may enter private project notes, unreleased product details, internal links, or tokens accidentally embedded in text, so silent retention meaningfully increases confidentiality risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The command handlers append arbitrary user-provided input directly into persistent log files under the user's home directory without explicit notice or consent. In practice, users may paste tokens, private profile data, repository details, or drafts, and this content will remain on disk where other local processes or later exports can expose it.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The export feature serializes accumulated logs into JSON, CSV, or TXT files, increasing the ease with which previously captured user input can be copied, shared, or indexed. Because the stored values are raw and unredacted, export amplifies the privacy and data-exposure risk created by the silent logging behavior.

Ssd 3

Medium
Confidence
95% confidence
Finding
The combination of persistent logging, history aggregation, search, and export creates a natural-language data retention surface that can accumulate sensitive user-provided content over time. Even if storage is local, these features increase the chance of later disclosure through shared machines, backups, support bundles, or accidental export of logs containing confidential documentation text.

Ssd 3

Medium
Confidence
96% confidence
Finding
The tool records arbitrary user inputs and then provides simple commands to search, view recent entries, inspect status, and export the data, making retrieval of sensitive content straightforward. In the context of a README-design skill, this is especially risky because such retention and disclosure workflows are unrelated to the stated function and therefore likely unexpected by users.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal