Breaker

Security checks across malware telemetry and agentic risk

Overview

The skill is presented as a circuit-breaker engineering tool, but it actually behaves like a local persistent notes/data manager.

Install only if you want a local record manager that stores entries under ~/.breaker by default and can export or delete them. Do not rely on it for circuit breaker sizing or coordination, and avoid entering sensitive facility or operational data unless you are comfortable with local retention and later export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding
The manifest presents the skill as a circuit breaker sizing and coordination tool, but the documented behavior is a generic persistent data manager with add/list/search/remove/export/config operations. This mismatch is dangerous because it can cause an agent or user to invoke the skill under false assumptions, leading to unintended local data storage, deletion, or export outside the expected electrical-analysis scope.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The documented interface materially contradicts the declared purpose: instead of domain-specific breaker analysis, it exposes generic CRUD and export functionality over a local datastore. In an agent setting, this kind of semantic deception increases the risk of unauthorized data handling, accidental persistence of sensitive content, and misuse of a broadly capable tool in contexts where only constrained electrical calculations were expected.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The command descriptions directly contradict the breaker-specific claims by advertising generic entry management actions such as add, remove, search, and export. This inconsistency makes the skill more dangerous because users and orchestrating agents may not anticipate that it modifies local state or handles arbitrary stored content rather than performing the narrow electrical function implied by its name and description.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The implementation materially contradicts the advertised purpose: instead of performing circuit breaker sizing/coordination, it provides a generic local data store with add/list/search/remove/export/config operations. This kind of capability mismatch is dangerous because users or higher-level agents may grant trust, inputs, or filesystem access based on the declared domain, while the skill actually collects and persists arbitrary data, enabling covert data capture or misuse under false pretenses.

Intent-Code Divergence

High
Confidence: 97%
Finding
The header comments and help text falsely present the script as a circuit breaker engineering tool, but the exposed commands are for generic record management. Misleading documentation increases the risk of social engineering and unauthorized data handling because operators may run the tool in sensitive workflows expecting engineering calculations, not persistent storage and export of arbitrary entries.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation guidance uses vague trigger phrases like 'use when json breaker tasks, csv breaker tasks, checking breaker status' without defining boundaries, input expectations, or safety constraints. Ambiguous routing criteria can cause an agent to select this skill in inappropriate situations, expanding the chance of unintended file operations or misuse of a generic datastore tool under the guise of breaker processing.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation includes data-modifying commands such as add, remove, export, and config changes without warning users that these actions alter persistent local state or may delete information. In practice, the absence of warnings or confirmation expectations increases the likelihood of accidental destructive actions and unnoticed creation or exfiltration of locally stored data.

VirusTotal

66/66 vendors flagged this skill as clean.
