Tdd Helper

Security checks across malware telemetry and agentic risk

Overview

This TDD helper has a coherent purpose, but it can run raw shell commands from arguments and environment variables, so it needs review before use.

Install only if you are comfortable with this skill running local shell commands under your user account. Review every --run value and any TEST_CMD, LINT_CMD, WARN_AS_ERROR, and --tests inputs before use, and avoid using it in shared, CI, or agent environments where environment variables or command arguments may be influenced by untrusted content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
TEST_CMD = os.getenv('TEST_CMD') or f"pytest {args.tests}" if os.path.isdir(args.tests) else f"pytest {args.tests}"

print(f"Running tests: {TEST_CMD}")
res = subprocess.run(TEST_CMD, shell=True)
if res.returncode != 0:
    print("Tests failed or missing. Aborting run.")
    sys.exit(res.returncode or 1)
Confidence
98% confidence
Finding
res = subprocess.run(TEST_CMD, shell=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
sys.exit(lint_res.returncode or 1)

print("Tests green. Running target...")
run_res = subprocess.run(args.run, shell=True)
sys.exit(run_res.returncode)
Confidence
99% confidence
Finding
run_res = subprocess.run(args.run, shell=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if os.getenv('WARN_AS_ERROR') == '1':
    lint = os.getenv('LINT_CMD') or "ruff ."
    print(f"Running lint: {lint}")
    lint_res = subprocess.run(lint, shell=True)
    if lint_res.returncode != 0:
        print("Lint/warnings failed. Aborting run.")
        sys.exit(lint_res.returncode or 1)
Confidence
97% confidence
Finding
lint_res = subprocess.run(lint, shell=True)

Tainted flow: 'TEST_CMD' from os.getenv (line 8, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
TEST_CMD = os.getenv('TEST_CMD') or f"pytest {args.tests}" if os.path.isdir(args.tests) else f"pytest {args.tests}"

print(f"Running tests: {TEST_CMD}")
res = subprocess.run(TEST_CMD, shell=True)
if res.returncode != 0:
    print("Tests failed or missing. Aborting run.")
    sys.exit(res.returncode or 1)
Confidence
99% confidence
Finding
res = subprocess.run(TEST_CMD, shell=True)

Tainted flow: 'lint' from os.getenv (line 17, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
if os.getenv('WARN_AS_ERROR') == '1':
    lint = os.getenv('LINT_CMD') or "ruff ."
    print(f"Running lint: {lint}")
    lint_res = subprocess.run(lint, shell=True)
    if lint_res.returncode != 0:
        print("Lint/warnings failed. Aborting run.")
        sys.exit(lint_res.returncode or 1)
Confidence
98% confidence
Finding
lint_res = subprocess.run(lint, shell=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises executable capabilities through shell commands and environment-based configuration, but it does not declare corresponding permissions. This creates a trust and policy gap: consumers or enforcement systems may treat the skill as lower risk than it actually is, allowing command execution paths without explicit review or consent.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The helper's behavior exceeds its stated purpose by executing arbitrary shell commands for tests, linting, and the post-test run step. In agent settings, such broad execution capability materially increases the attack surface because the skill can be repurposed as a generic shell launcher rather than a constrained TDD loop helper.

VirusTotal

58/58 vendors flagged this skill as clean.