Skill Oracle

Security checks across malware telemetry and agentic risk

Overview

This catalog skill is mostly documentation, but it includes an under-disclosed Python helper that can load local external code and inject local knowledge-base content into prompts.

Review or disable brain_enhance.py before installing if you only want the static catalog. Be aware that the helper can draw from a local Company Brain installation, and manually approve any recommended clawhub install commands or paid-product suggestions.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding:
The skill dynamically consults a separate local 'company-brain' subsystem even though the skill is described as curated Markdown documentation rather than an active integration. This expands the trust boundary and allows unreviewed external content or behavior to influence outputs, creating a mismatch between the documented capability and actual runtime behavior.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding:
The code prepends an external workspace path to sys.path and imports a separate module at runtime, enabling behavior from code outside the reviewed skill package. That undermines supply-chain integrity and makes the skill's effective behavior depend on mutable external files not justified by its stated purpose.

Vague Triggers

Medium
Confidence: 94%
Finding:
The use case text says the skill may be recommended proactively through ordinary conversation, which can cause broad or unintended invocation in contexts where the user did not explicitly ask for marketplace discovery or promotional recommendations. In this skill's context, that is more concerning because the catalog also contains the publisher's own products and paid upsells, creating a risk of unsolicited promotion, context hijacking, or inappropriate tool suggestions.

VirusTotal

65/65 vendors flagged this skill as clean.