Thesaurus

Security checks across malware telemetry and agentic risk

Overview

This is labeled as a thesaurus, but the artifacts behave like a local text-history tracker and do not implement real synonym or antonym lookup.

Install only if you want a local command-line history tracker, not a functional thesaurus. Do not enter confidential text unless you are comfortable with it being retained under ~/.local/share/thesaurus, and review or remove that directory after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence: 95%
Finding
The documented command surface is far broader than a thesaurus utility and includes generic actions that appear to store arbitrary input across many categories. In agent settings, this creates a deceptive interface: a seemingly harmless word-reference skill could be used as a general-purpose input sink and persistence layer, increasing the risk of unintentional collection of sensitive data and misuse by downstream automation.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The file describes local activity logging and entry tracking instead of lexical lookup behavior, meaning the skill may persist user queries or other supplied content under the guise of a reference tool. While local-only storage lowers remote exfiltration risk, it still creates privacy and confidentiality concerns because sensitive terms, prompts, or workflow artifacts may be retained unexpectedly on disk.

Description-Behavior Mismatch

High
Confidence: 95%
Finding
The implementation does not behave like a thesaurus at all; instead it exposes a generic input-collection and logging utility under misleading branding. This is dangerous because users and higher-level agents may provide sensitive text expecting word lookup behavior, while the script silently persists arbitrary inputs to disk across many unrelated commands.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The presence of broad utility-style commands is unjustified for a thesaurus skill and materially expands the attack and misuse surface. In this context, extra commands increase the chance that the skill is used as a generic data sink for user inputs, which can lead to unnecessary retention of potentially sensitive content.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The help and inline documentation misrepresent the tool as a thesaurus while advertising generic toolkit behavior, creating a trust and transparency failure. Misleading documentation is security-relevant here because users may disclose text under false assumptions about processing, storage, and purpose.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script writes user-provided input verbatim into persistent log files under the home directory without clear disclosure or consent. In an agent-skill setting, users may pass private prompts, credentials, proprietary text, or other sensitive data, so silent retention increases privacy risk and can expose data to other local users, backups, or later compromise.

VirusTotal

47/47 vendors flagged this skill as clean.
