ClawHub

Signup

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local signup logger, but its generic commands and broken status/export behavior can store unexpected free-form input on disk.

Install only if you are comfortable with commands saving raw text locally in ~/.local/share/signup. Avoid entering secrets or unrelated sensitive data, and treat export/status behavior as unreliable until the duplicate command handlers are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The script's advertised purpose is signup tracking, but its exposed interface is a generic free-form logging utility with many unrelated commands. This mismatch is dangerous because users and downstream agents may trust the tool with signup-related data while it actually accepts and stores arbitrary content, increasing the chance of unintended data collection and misuse.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The command handlers persist arbitrary user-supplied text into local log files instead of operating on structured signup records. In an agent skill context, this can capture sensitive prompts, tokens, personal data, or operational context and leave them on disk indefinitely, creating a confidentiality and privacy risk.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The help text claims that 'status' performs a health check, but the first matching case instead logs user input, while the real status function is unreachable because of duplicate case labels. This deceptive behavior can cause users or agents to pass diagnostic or sensitive context expecting read-only output, only to have it stored on disk.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The help text advertises 'export <fmt>' for JSON/CSV/TXT export, but the first matching 'export' case logs arbitrary input and prevents the real exporter from ever running. This is dangerous because it misleads users into supplying parameters or data under the assumption of a safe export operation, while actually causing persistent logging instead.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The "Use when" description is broad enough to overlap with many ordinary terminal, reporting, and analysis tasks, which can cause the skill to be invoked in contexts the user did not intend. In an agent ecosystem, overbroad triggering increases the chance that unrelated user data gets routed into this skill and then logged locally.

Vague Triggers

Medium
Confidence
85% confidence
Finding
Highly generic commands like run, check, convert, analyze, and generate lack domain constraints and make the skill appear usable as a catch-all logger or utility wrapper. This ambiguity is dangerous because users or orchestrators may pass arbitrary content into commands that are then stored in persistent logs, expanding data exposure and making misuse more likely.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises automatic history and activity logging without a prominent warning that user actions and data are persisted locally under a predictable directory. Even though storage is local, silent retention can capture sensitive registration details, search terms, or operational input that users may reasonably expect to be ephemeral.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
User input is written verbatim to persistent local log files without any disclosure in help text or comments. In a signup-oriented skill, users may provide names, emails, registration notes, or other personal data, so silent persistence materially increases privacy, compliance, and data-exposure risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The export feature aggregates activity from all log files into new files on disk, multiplying the exposure surface of previously collected data. Even though the current dispatcher bug may make this path unreachable, the code itself creates additional persistent copies without warning, which is a privacy and security concern if enabled or fixed later.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal