Config

Security checks across malware telemetry and agentic risk

Overview

This is a local configuration-note logger, but it can persist sensitive configuration text in plaintext and its documented remove command does not actually remove stored entries.

Review before installing. Use it only for non-secret notes, do not store tokens or credentials in entries or command arguments, and do not rely on config remove to delete anything unless the script is fixed; inspect data.log and history.log manually if sensitive text was ever recorded.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest frames the skill as a focused config-file manager, while the documentation describes a broader logging utility that supports search, export, remove, and command-history recording. In agent ecosystems, this kind of semantic drift is security-relevant because routing and trust decisions may rely on the declared scope, causing the skill to be used where its actual data-handling behavior is not expected.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The documentation claims configuration-file management, but the described implementation only appends to generic data and history logs. This is dangerous because users may store secrets, environment settings, or operational notes assuming structured config handling, when in reality the tool creates persistent plaintext logs that are easier to misuse or expose.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill encourages logging configuration changes and command history locally but does not warn that these entries may contain sensitive values such as tokens, database URLs, or deployment details. In the context of a config-related tool, users are especially likely to handle secrets, so omission of a sensitivity warning materially increases the risk of credential leakage through local plaintext logs.

Missing User Warnings

Low
Confidence: 84%
Finding
The script persists user-supplied arguments and command history into files under a user-controlled data directory without any warning, consent flow, retention policy, or sanitization. In a configuration-management context, users may reasonably pass secrets, tokens, hostnames, or internal settings on the command line, causing sensitive data to be stored in plaintext and later exposed via 'list' or 'export'.

VirusTotal

66/66 vendors flagged this skill as clean.
