Attestation

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as an attestation analysis tool, but it actually behaves like a local note/data manager that stores, deletes, configures, and exports entries.

Review this as a local data-storage utility, not as an attestation-analysis skill. Do not enter private keys, secrets, confidential protocol details, or sensitive identifiers unless you are comfortable with them being saved under ~/.attestation and potentially exported to local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 98%
Finding: The skill’s declared purpose is attestation analysis, but the documented commands implement a generic local CRUD/data-management utility instead. This mismatch is dangerous because users or orchestrators may invoke the skill under false assumptions, granting it access or trust appropriate for security analysis while it actually performs local file operations such as storing, exporting, and deleting data.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding: The manifest markets the skill as an attestation-analysis tool, but the documented behavior is a generic local entry store with add/list/search/remove/export/config operations. In agent ecosystems, this kind of semantic deception can cause unsafe tool selection, inappropriate permissioning, and accidental exposure or modification of local data under the guise of a security-analysis task.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding: The narrative claims analytical and on-chain attestation functionality, but the command set is unrelated entry management. Even without obviously malicious code shown here, the misleading documentation increases the chance that an automated agent or user will invoke destructive or privacy-affecting local operations in an inappropriate context.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding: The script’s behavior materially differs from the declared attestation-analysis purpose: it implements a persistent local note store with add/search/remove/export/config features. This kind of capability mismatch is dangerous because users or higher-level agents may grant trust or permissions, or invoke it, under false assumptions, enabling unintended local data collection and file modification.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding: The command set provides generic local data management operations unrelated to attestation analysis, including persistence, search, export, and config mutation. In an agent-skill context, unjustified capabilities expand the attack surface and can be abused to store, manipulate, or exfiltrate user-provided data under the cover of an unrelated security-themed skill.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding: The inline documentation presents the script as an attestation-analysis tool, but the code only performs local entry bookkeeping. Mislabeling a skill in this way increases the chance that operators or orchestration systems will trust and execute it with inappropriate expectations, masking data-writing behavior that would otherwise be scrutinized.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding: The help text advertises attestation-analysis functionality while exposing only local storage and management commands. Deceptive or inaccurate help output is risky in tool ecosystems because it can socially engineer users into supplying sensitive attestation-related inputs that are then merely stored locally or exported.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill documents destructive and file-affecting commands such as remove and export without warning about deletion, overwrites, data exposure, or the filesystem location used. In an agent setting, lack of safety prompts or confirmation requirements can lead to accidental data loss or unintended export of sensitive locally stored content.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: User-supplied entries are written persistently to a local file without any warning about storage location, retention, or sensitivity handling. In the context of a purported attestation tool, users may input secrets, identifiers, or security-relevant material, creating unintended local data exposure and forensic residue.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The remove command performs immediate deletion of stored entries by line number with no confirmation or safeguard. While not a code-execution issue, it creates a real integrity risk because accidental or unintended invocation can irreversibly destroy locally stored data.

VirusTotal

65/65 vendors flagged this skill as clean.
