ClawHub

Survey

Security checks across malware telemetry and agentic risk

Overview

This survey skill does not appear malicious, but it stores broad user input locally while advertised survey/export/status functions do not reliably do what they claim.

Review before installing. Avoid using this with personal, customer, employee, research, medical, financial, or confidential survey data unless the publisher fixes the command behavior and clearly documents what is stored, where it is stored, how long it remains, and how to delete it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script’s advertised purpose is survey creation and analysis, but nearly all command handlers simply persist arbitrary user input to local log files. This kind of capability/behavior mismatch is dangerous because users or higher-level agents may trust it with survey data, believing analysis or structured handling occurs, when the tool instead stores raw potentially sensitive content without delivering the promised function.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The help text claims commands like export, status, and report perform substantive functions, but the main dispatch routes many of those commands into branches that only record the supplied input. This misleading interface can cause users or agents to expose sensitive survey content under false assumptions about processing, and it also obscures the existence of the real helper functions because duplicate case labels make them unreachable.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The manifest description is broad enough to match many generic data-processing tasks such as creating forms, checking responses, converting data, analyzing trends, and generating reports. In agentic environments, overly broad invocation language can cause the skill to be selected in contexts involving sensitive datasets, increasing the chance of unintended access, storage, or export of user data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly states that results go to stdout, can be saved to files, and that data is stored in a local directory, yet it does not warn that survey responses may contain sensitive personal or confidential information. This omission can lead users to export or persist sensitive response data without understanding the privacy implications or applying appropriate safeguards.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
User input is written verbatim into persistent files under ~/.local/share/survey without any clear warning, consent flow, retention policy, or sanitization. In the context of a survey skill, users are especially likely to provide personal or confidential response data, so silent persistence increases privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal