Generator

Security checks across malware telemetry and agentic risk

Overview

This skill should be reviewed because it advertises a placeholder-data generator but mainly records and exposes local command/input history.

Install only if you are comfortable treating this as a local input-history logger rather than a simple data generator. Do not pass secrets, proprietary snippets, personal data, or sensitive prompts to it, and inspect or clear ~/.local/share/generator after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The skill metadata presents this as a simple placeholder-data generator, but the observed behavior indicates persistent storage of arbitrary inputs, command/activity logging, search across logs, and export of stored data. That mismatch is security-relevant because users may provide sensitive development content under the assumption it is transient, while the skill may instead retain and expose that data through local logs and export features.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding: The script materially diverges from the declared skill purpose of generating placeholder data and instead exposes a broad local logging/utility interface. That mismatch is security-relevant because users may grant trust and provide inputs under a narrow data-generation expectation while the tool persists and surfaces unrelated activity data.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding: The skill creates a persistent data directory and writes timestamped activity history for arbitrary user inputs without meaningful notice or consent. In an agent skill context, this can capture sensitive prompts, identifiers, file names, or operational details that users do not expect to be retained locally.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding: The exposed commands form a generic toolkit for collecting, searching, exporting, and reporting on local activity rather than a focused mock-data generator. This broad functionality increases the chance of inappropriate data collection and later discovery/exfiltration of stored content, especially because search/export make retained inputs easy to enumerate.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding: These command handlers persist raw user input directly into local log files, with no disclosure, filtering, or sensitivity checks. If users pass secrets, personal data, internal paths, or proprietary content, the script silently retains them and makes them available to later viewing, searching, and export.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The export routine aggregates all previously stored log contents into a new artifact, increasing the spread and persistence of potentially sensitive user data. Because the underlying logs contain raw inputs, export creates an easy bulk disclosure path and can unintentionally package confidential history into shareable files.

VirusTotal

64/64 vendors flagged this skill as clean.