ClawHub

Erp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local ERP-style logging tool that stores user-entered business notes on disk without evidence of hidden network, credential, or destructive behavior.

Install only if you are comfortable with ERP notes being stored as plaintext files in ~/.local/share/erp. Avoid entering passwords, secrets, regulated personal data, or highly confidential business records unless you add your own filesystem protections and retention process, and review export files before sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The implemented behavior materially diverges from the declared ERP/resource-planning purpose and instead provides a generic personal activity logger. That mismatch is dangerous because users or orchestrators may grant the skill access and trust appropriate for ERP workflows while the code quietly collects unrelated free-form inputs and stores them persistently.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The presence of unrelated productivity features expands the skill beyond its stated business purpose and encourages collection of arbitrary user notes that may include sensitive operational or personal information. In a skill advertised for ERP/inventory coordination, this unnecessary scope increases the chance of inappropriate use, overcollection, and user deception.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The script comments and help text brand the tool as ERP-oriented, but the code performs generic logging and export of free-form entries. Mislabeling functionality is a security concern because it can mislead users and automated systems about the nature of processing, leading to misplaced trust and accidental disclosure of sensitive content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
User-supplied text is written directly to persistent log files in the user's home directory without notice, retention controls, or sensitivity warnings. Because the skill context suggests business planning and tracking, users may enter confidential operational, staffing, or inventory information that remains on disk longer than expected.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The export function aggregates all logged activity into a single file, which can amplify exposure of sensitive information and make exfiltration or accidental sharing easier. Since the skill is presented as an ERP tool, exported logs may contain consolidated business-sensitive data spanning multiple categories and time periods.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal