ClawHub

Slashing

Security checks across malware telemetry and agentic risk

Overview

The skill is advertised as blockchain slashing analysis, but the included script is a local persistent entry manager with add, delete, export, and config-write behavior.

Review before installing. Treat this as a local note/config manager, not a blockchain slashing-analysis skill; avoid storing sensitive data in it, and use remove/export/config only with explicit intent because they mutate or copy local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill advertises blockchain slashing analysis, but the documented commands implement a generic local CRUD tool with persistent storage, deletion, export, and config mutation. This mismatch is dangerous because users or orchestration systems may invoke the skill under false assumptions, leading to unintended local file operations and data handling beyond the stated purpose.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest presents a domain-specific blockchain analysis skill, but the body describes a generic entry-management utility. In an agent ecosystem, this kind of semantic deception can cause the wrong skill to be selected and granted trust or permissions inappropriate for a local storage tool, increasing risk of unintended data access or modification.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The documentation says the skill is for slashing analysis, yet the command set is plainly for adding, listing, searching, removing, and exporting arbitrary entries. This inconsistency makes the skill more dangerous in context because users seeking analytical help may unknowingly trigger stateful local operations, and automated agents may misclassify it as safe read-only analysis.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The advertised purpose of the skill is slashing analysis, but the implementation is a generic local note/log manager. This capability mismatch is dangerous because it can mislead users and downstream agents into invoking a tool with broader data storage behavior than expected, increasing the risk of unintended data collection and misuse under false pretenses.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script provides generic deletion, export, and configuration-writing features unrelated to slashing analysis, which expands its effective capability surface beyond the stated scope. In an agent setting, unnecessary filesystem write and data-management operations increase the chance of unintended local data modification or exfiltration-like behavior via exports.

Vague Triggers

Medium
Confidence
86% confidence
Finding
Short, generic triggers like 'status', 'add', 'list', 'search', 'remove', 'export', 'stats', and 'config' are highly collision-prone with normal user requests and other skills. In an agent setting, broad triggers can cause accidental invocation of this skill, which is especially risky here because the skill appears capable of persistent writes, deletion, and export.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation omits warnings that some commands can write persistent data, remove entries, export files, and modify configuration. Without clear warnings or confirmation requirements, users and agents may treat the skill as informational and unintentionally perform destructive or privacy-impacting actions on the local filesystem.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The remove command deletes a selected line from persisted data immediately with no confirmation, backup, or dry-run mode. This creates a straightforward integrity risk: accidental invocation or parameter mistakes can irreversibly destroy user data stored by the tool.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The export command silently copies stored data into a file in the current working directory, which may be less trusted, shared, or later committed/uploaded unintentionally. While not a direct exploit primitive, it can expose user data through unexpected placement and insufficient disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal