Sms

Security checks across malware telemetry and agentic risk

Overview

This is a rough local SMS-template helper with broken placeholder commands, but it does not show hidden sending, credential access, network use, or exfiltration.

Install only if you are comfortable with a basic local shell helper. Avoid storing sensitive customer data or secrets in templates, review ~/.local/share/sms/ as needed, and double-check export destinations because the script may overwrite files and has weak argument handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The documented behavior materially exceeds and contradicts the stated purpose: the skill claims template preparation, but also exposes arbitrary file export and a send capability while lacking the advertised substitution/formatting functionality. This mismatch is dangerous because users or higher-level agents may grant trust, permissions, or invoke commands based on the description, leading to unintended data writes or real-world message transmission.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The skill is presented as a tool for preparing SMS templates, but its interface includes a send command that can trigger real message delivery. In agentic environments, this can cause unsafe action selection because a user or orchestrator may believe the skill is non-delivery-only and invoke it without appropriate consent or review.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The export command copies the template store to any user-supplied path, which exceeds the stated purpose of managing and formatting SMS templates. In an agent/skill context, arbitrary file write destinations can be abused to overwrite sensitive files or place data in unexpected locations, especially if a higher-privileged caller invokes the skill.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Arbitrary filesystem export is not necessary for preparing bulk SMS messages and introduces a capability mismatch that broadens the attack surface. Because the command accepts an uncontrolled path, it can be used to write user data into unintended filesystem locations, making the skill more dangerous than its description suggests.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Documenting an SMS send operation without warning that it may contact real phone numbers creates a safety and privacy risk. Users may expose personal data, incur charges, or accidentally send live messages because nothing in the skill documentation signals the operational consequences.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The create command writes template data to a persistent local file without any warning or disclosure to the user. While persistence is expected for a template manager, silent writes in an agent setting can surprise users and create privacy or data-handling concerns, particularly when template contents may include sensitive message text.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The export command silently copies stored user data to an arbitrary destination path with no warning, increasing the risk of accidental disclosure or misuse. In skill execution environments, this can facilitate unreviewed data movement to sensitive locations or unexpected persistence outside the app's normal storage area.

VirusTotal

57/57 vendors flagged this skill as clean.
