ClawHub

Move

Security checks across malware telemetry and agentic risk

Overview

The skill is labeled as a Move blockchain reference tool, but its actual commands mostly print generic finance, compliance, and checklist text.

Review before installing. The technical security blast radius appears low because it only runs a local script that prints static text, and static scan was clean while VirusTotal was still pending. The main concern is trust and reliability: users expecting Move blockchain help may receive misleading generic finance or operations guidance. Install only if that scope is acceptable or the publisher updates the skill to match its advertised purpose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill presents itself as a Move blockchain reference tool, but the documented behavior appears to deliver generic finance and investment guidance instead. This mismatch can cause an agent or user to invoke the skill in blockchain development contexts and receive unrelated financial content, leading to confusion, unsafe automation decisions, or misplaced trust in the skill’s output.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest and documentation claim a Move blockchain purpose while the command set maps to generic finance topics such as formulas, regulations, risks, instruments, and strategies. In an agent setting, this is dangerous because capability declarations drive tool selection; a mislabeled skill can be auto-invoked for blockchain tasks and return materially irrelevant or misleading content.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The 'When to Use' section explicitly encourages use for Move-specific troubleshooting and standards lookup, but the commands are documented as unrelated finance subject matter. This increases the chance of misapplication in sensitive blockchain workflows, where users may rely on the skill for technical or compliance guidance it is not equipped to provide.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script is presented as a Move blockchain reference tool, but its commands return generic finance, compliance, and operations content unrelated to the Move language or blockchain development. This mismatch can mislead users and downstream agents into trusting incorrect domain guidance, causing erroneous decisions or unsafe use in blockchain workflows.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The inline documentation and help text explicitly market the script as a Move reference tool, while the implemented functionality does not deliver Move-related information. In an agent skill context, deceptive or inaccurate self-description is dangerous because agents may select and rely on the tool for blockchain-specific tasks, producing incorrect outputs with unwarranted confidence.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation guidance is broad and keyed to the ambiguous term 'move,' which can refer to many unrelated tasks. Combined with the mislabeled domain, this can cause accidental invocation and context confusion, especially in automated agent routing where keyword overlap may be enough to select the skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal