Boiler

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a boiler calculator, but it actually stores, deletes, and exports arbitrary local notes.

Install only if you intentionally want a simple local record keeper, not a boiler efficiency or sizing tool. Do not store secrets or sensitive facility information in it, and treat remove/export operations as direct local file mutations with limited safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The manifest and description present the skill as a boiler efficiency and sizing tool, but the documented commands describe a generic local datastore that can add, search, remove, export, and configure arbitrary records. This mismatch can mislead users and reviewers about the real behavior of the skill, reducing informed consent and making it easier to smuggle unexpected data-handling functionality into an apparently domain-specific tool.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The documented interface does not support the claimed industrial purpose and instead exposes a generic record-management workflow. In a security review context, this is dangerous because deceptive or materially inaccurate documentation can conceal broader data collection, persistence, or exfiltration-adjacent behavior behind an innocuous label.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The script’s stated purpose is a boiler efficiency and sizing tool, but its actual functionality is a generic persistent local data logger with search, deletion, export, and config editing. This kind of capability mismatch is dangerous because it can mislead users and reviewers into granting trust or permissions to a tool that performs unrelated data collection and file manipulation.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The banner, help text, and documentation actively present the tool as boiler-related while concealing that it stores and manages arbitrary user-provided entries on disk. Misrepresentation increases the likelihood that users will enter sensitive information or run the tool in inappropriate contexts, making the deception itself security-relevant.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The skill documents a remove command without mentioning confirmation, safeguards, or recovery behavior. That creates a meaningful risk of accidental or scripted data loss, especially when the tool stores user-managed local records and the command is exposed as a simple one-step operation.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script creates a persistent data directory and appends user-supplied content to a JSONL file without any up-front warning in the description or comments, and later supports deletion/export operations against that stored data. Undisclosed persistence is risky because users may assume a transient calculator tool while the script is actually retaining potentially sensitive inputs on disk.

VirusTotal

65/65 vendors flagged this skill as clean.
