Fish

Security checks across malware telemetry and agentic risk

Overview

Fish is a local command-line history/logging utility that stores user-entered text on the same machine; the behavior is disclosed and no exfiltration or destructive behavior was found.

Install only if you want a local plaintext history tool. Do not pass passwords, API keys, private prompts, customer data, or other sensitive content to it, because entries may be saved under ~/.local/share/fish and later shown or exported. Also verify which executable the name fish resolves to before use, since that name can conflict with the Fish shell.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence: 83%
Finding
The phrase 'Use when you need fish' is so broad that it does not meaningfully constrain when the agent should invoke the skill. Overly broad routing language can cause inappropriate activation in unrelated contexts, increasing the chance that user data is unnecessarily recorded or that unintended commands are suggested or run.

Vague Triggers

Medium
Confidence: 86%
Finding
Multiple command descriptions are essentially placeholders like 'Run', 'Check', 'Analyze', and 'Generate', which do not define scope, inputs, side effects, or storage behavior. This ambiguity makes it difficult to predict what the skill will do and increases the risk of accidental misuse, overbroad invocation, and unexpected persistence of user-provided content.

Missing User Warnings

Medium
Confidence: 90%
Finding
The tool persistently stores arbitrary user-provided input to local log files without clear notice or consent. In an agent-skill context, users may provide secrets, prompts, file paths, or sensitive business data expecting transient processing, so silent retention creates a meaningful confidentiality risk on shared or compromised systems.

Missing User Warnings

Medium
Confidence: 88%
Finding
The export function copies previously stored log contents into new files, increasing the number of at-rest copies of potentially sensitive data without warning. This expands exposure and makes accidental disclosure more likely, especially because exported CSV/JSON/TXT files may be easier to share, index, or back up unintentionally.

Ssd 3

Medium
Confidence: 94%
Finding
The script is effectively a persistent local data capture and retrieval utility: it records arbitrary user inputs and later reveals them through search, recent activity, status output, and export operations. In the context of an agent skill marketed vaguely as a utility tool, that mismatch increases danger because operators may unknowingly feed it sensitive content that is then retained and surfaced later.

VirusTotal

66/66 vendors flagged this skill as clean.