🦄 Unicon CLI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed icon-management skill with some broad optional file-writing features that users should run intentionally.

Install only if you trust the @webrenew/unicon npm package. Run file-writing commands from the intended project directory and review the generated changes. Avoid --all or --force when installing assistant skills unless you want persistent AI-tool rules added or overwritten. Sanitize or precompile SVG content instead of blindly rendering remote API SVG in sensitive applications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The documented `unicon skill` command allows the tool to write instruction files into multiple IDE and agent rule directories, which expands the product from icon management into modifying AI-assistant behavior. That cross-domain capability is risky because it can silently influence developer tooling and prompt context in places unrelated to icon handling, increasing the chance of persistence or policy injection through generated skill files.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Installing files into `.claude`, `.cursor`, `.windsurf`, `.agent`, `.codex`, and similar directories is not necessary for ordinary icon retrieval or bundling, so this capability materially exceeds the stated scope of the skill. Such directory writes can alter IDE or agent behavior across a repository, creating an avenue for unauthorized influence, persistence, or unexpected execution of assistant rules.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation provides a React example that injects raw SVG content via dangerouslySetInnerHTML without any warning, validation, or sanitization guidance. Because icon.content comes from an external API and is rendered as HTML/SVG markup, a compromised backend, malicious upstream icon source, or future data integrity issue could turn this into script-capable SVG/DOM injection and XSS in consumer applications.

Unvalidated Output Injection

High
Category
Output Handling
Content
return (
    <svg
      viewBox={icon.viewBox}
      // icon.content is SVG markup fetched from the remote API and injected as raw HTML
      dangerouslySetInnerHTML={{ __html: icon.content }}
      fill={icon.defaultFill ? "currentColor" : "none"}
      stroke={icon.defaultStroke ? "currentColor" : "none"}
      strokeWidth={icon.strokeWidth ?? 2}
    />
);
Confidence
98% confidence
Finding
dangerouslySetInnerHTML={

VirusTotal

64/64 vendors flagged this skill as clean.
