Spec Workflow Mcp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local workflow logger that stores notes in plaintext, with no evidence of hidden network, credential, or destructive behavior.

Install only if you are comfortable with workflow notes being kept as plaintext files under ~/.local/share/spec-workflow-mcp. Do not enter passwords, API keys, customer data, or confidential plans, and periodically review or delete that directory if you no longer want the history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill stores user-provided content persistently in plaintext under a local data directory, but the description does not prominently warn users before encouraging use. In AI-assisted workflows, users may enter sensitive project details, review notes, or reminders, creating a confidentiality risk if local files are later accessed by other users, backup systems, or unrelated tooling.

Missing User Warnings

Medium
Confidence: 91%
Finding:
User-supplied text is persisted verbatim to local log files without any notice, consent prompt, retention limit, or masking. In an AI-assisted workflow, users may enter secrets, internal project details, or sensitive notes, which then remain on disk and can later be read, searched, or copied unintentionally.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The export feature aggregates all previously logged content into a new file in plain text/CSV/JSON without any sensitivity warning or filtering. This increases the blast radius of sensitive data exposure by creating a consolidated copy that is easier to share, back up, or leak accidentally.

Ssd 3

Medium
Confidence: 96%
Finding:
The overall design persistently records arbitrary natural-language inputs and provides commands to search, display recent activity, inspect status, and export logs in plain text. In the context of an agent skill, this is more dangerous because users may treat it like a workflow helper and paste confidential prompts, plans, credentials, or internal data that then become durable local artifacts.

VirusTotal

64/64 vendors flagged this skill as clean.