Amateur Radio DX Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill behaves like a disclosed ham-radio DX monitor, with privacy and cleanup details users should understand before enabling monitoring.

Install only if you are comfortable connecting to public DX cluster servers and, when you use your real callsign or AI setup, storing station/QTH details locally. Run it as a normal user, review any cron job before adding it, and note that monitor state is actually written to /tmp/dx-monitor-state.json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill documents capabilities that read/write local files and invoke shell-style commands (for cron setup) but does not declare permissions up front. That creates a transparency and consent problem: users may install or run the skill without realizing it persists state, writes logs, or is intended to be scheduled for recurring execution.

Intent-Code Divergence

Severity: Low
Confidence: 84%
Finding: The documentation contradicts itself about where state is stored: one section says the home directory and another says /tmp. This divergence can cause users to protect, inspect, or clean up the wrong file, which weakens operational safety and can lead to accidental exposure of, or tampering with, state data.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding: The setup flow collects and persists operator callsign, grid square, derived latitude/longitude, and station details into a local JSON file. While relevant to the feature set, storing precise location and station metadata without minimization, retention controls, or explicit privacy notice creates a privacy/security issue if the host is shared or compromised.

Missing User Warnings

Severity: Low
Confidence: 91%
Finding: The skill encourages connecting to external DX cluster servers and optionally sending the user's callsign, but it does not clearly warn about that network disclosure. Even if expected for ham radio workflows, users should be informed that their identifier and activity may be transmitted to third-party servers.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The configuration write persists sensitive operator location data, including grid-derived latitude/longitude, with no user warning about long-term storage or local exposure. On multi-user systems or in environments with weak file protections, this can leak a user's approximate home/QTH location and station profile.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding: The skill sends the user's callsign to third-party DX cluster servers during login, which is a network disclosure of user-identifying information. In ham radio contexts a callsign is typically public, so the sensitivity is limited, but users should still be clearly informed before external transmission occurs.

Missing User Warnings

Severity: Low
Confidence: 93%
Finding: The skill persists spot history in /tmp, a shared world-accessible location on many multi-user systems, without warning or secure file handling. This can expose user activity/history to other local users and also risks tampering via symlink or precreated-file attacks if the program runs with elevated privileges.

VirusTotal

64/64 vendors flagged this skill as clean.
