ClawHub

Proofreader

Security checks across malware telemetry and agentic risk

Overview

The proofreader function is mostly local, but the package also includes an unrelated command-line utility that stores user input and command history without clear disclosure.

Review before installing. Use scripts/proofread.sh for proofreading, and avoid using the bundled generic script with sensitive text unless you intentionally want local add/search/export behavior and retained logs under the proofreader data directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The implementation materially differs from the declared skill purpose: instead of proofreading or text-correction, it provides a generic local data/logging CLI with commands for add, search, export, and list. This mismatch is dangerous because users or host systems may grant trust, permissions, or invoke the skill under the assumption it processes text safely, while it actually persists arbitrary local data and exposes it via export/search operations.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The file header and help output describe the tool as a generic 'Multi-purpose utility tool,' which directly conflicts with the declared proofreader identity. Contradictory identity and documentation increase the risk of deceptive packaging, operator confusion, and misuse, especially in ecosystems where skill descriptions influence approval or trust decisions.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The script creates a persistent data directory and writes logs/data files locally without any visible disclosure to the user in help text or manifest-aligned documentation. Undisclosed persistence is risky because user-supplied content and command history may be retained unexpectedly, creating privacy and data-governance issues even if the storage is only local.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal