Container Desktop

Security checks across malware telemetry and agentic risk

Overview

This skill should go to Review because it presents itself as Podman/container tooling but mainly ships unrelated stub commands that only print messages and append their arguments to a local history log.

Review carefully before installing. Treat this as a small third-party stub, not Podman Desktop or a working container/Kubernetes tool. Do not rely on its check/build/test/clean output for real validation, and avoid passing secrets or sensitive paths as command arguments because they may be written to a local history log.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding
The manifest advertises a container/Kubernetes desktop tool, but the body documents scaffolding, testing, building, deployment guidance, and docs generation instead. In a skill ecosystem, this semantic mismatch can mislead users and automation into invoking the skill in inappropriate contexts, making the skill more dangerous because it may be trusted for one domain while operating in another.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The file names the skill 'Podman Desktop' while the documentation header and commands describe a different tool, 'Container Desktop'. Conflicting identity signals are a supply-chain and trust problem because they obscure provenance and make it easier to impersonate known tools or smuggle unrelated functionality behind familiar branding.

Ssd 3

Severity: Medium
Confidence: 93%
Finding
The script persistently records command arguments to a history file in plain text via the `_log` function, and several commands pass user-supplied parameters through to it unchanged. Any secret accidentally supplied as an argument (a token, an internal project name, a path, or other sensitive operational data) therefore ends up on disk, and because the log lives under the user's data directory and is retained over time, the exposure outlives the command that caused it.
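To make the finding concrete, the following POSIX shell snippet is an added example (not code from the skill or from the scanner) showing the logging pattern the finding describes next to a hardened variant, plus a check a reviewer could run against the resulting history file. The function names `_log_verbatim` and `_log_redacted`, the log location (a temporary directory standing in for the user's data directory), and the sample token `ghp_constructedExampleToken123` are all assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the skill being reviewed.
# Assumption: the real skill writes under the user's data directory; we use a
# temp directory so the example runs anywhere without touching real data.
LOG_DIR="${TMPDIR:-/tmp}/container-desktop-example"
HISTORY_FILE="$LOG_DIR/history.log"
mkdir -p "$LOG_DIR"
: >> "$HISTORY_FILE"   # make sure the file exists before grep touches it

# Truncate the history file (used between runs of the check below).
reset_history() {
    : > "$HISTORY_FILE"
}

# The pattern flagged in the finding: every argument, verbatim, appended to a
# plain-text file that persists across sessions. A token or internal path
# passed on the command line lands on disk unchanged.
_log_verbatim() {
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >> "$HISTORY_FILE"
}

# Hardened variant: keep the audit value (which subcommand ran, and when)
# but never record argument values, only how many there were.
_log_redacted() {
    subcmd="$1"
    shift
    printf '%s %s argc=%d\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$subcmd" "$#" >> "$HISTORY_FILE"
}

# Reviewer check: count history lines that look like they carry a credential.
# The patterns are illustrative (flag names and a few well-known token
# prefixes); extend them for the tools actually in use. Prints the count and
# always exits 0 so it can be used safely under `set -e`.
count_secret_like_entries() {
    grep -Eic -- '(--token|--password|authorization:|ghp_[a-z0-9]|sk-[a-z0-9])' "$HISTORY_FILE" || true
}

# Demonstration: the same invocation through both loggers.
reset_history
_log_verbatim build --token ghp_constructedExampleToken123 /home/alice/internal-project
echo "verbatim logger, secret-like lines: $(count_secret_like_entries)"
reset_history
_log_redacted build --token ghp_constructedExampleToken123 /home/alice/internal-project
echo "redacted logger, secret-like lines: $(count_secret_like_entries)"
```

Running `count_secret_like_entries` against a real history file from such a skill is a quick way to confirm whether anything sensitive has already been written; if it has, rotate the credential rather than just deleting the log.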

VirusTotal

35/35 vendors reported this skill as clean.