Editorconfig Linter

Security checks across malware telemetry and agentic risk

Overview

This is a local EditorConfig linting skill with a disclosed auto-fix mode, so the main risk is accidental formatting changes if users run fix broadly.

Install only if you are comfortable running a local Python formatter/linter over project files. Use check mode first, run fix only on a narrow path in a version-controlled workspace, and review the diff before committing changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly instructs the agent to read local files such as `.editorconfig` and source trees (`src/`), but no permissions are declared to communicate that capability. This creates a transparency and policy-enforcement gap: an operator may treat the skill as lower risk than it is, while the skill can still access repository contents and expose file-derived data in output.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The declared description says the skill validates syntax and checks compliance, but the documented commands also include `fix` (which modifies files in place) and `show` (which reveals effective configuration for a file). This mismatch is dangerous because users or orchestration systems may invoke the skill under the assumption it is read-only, when it actually has write-side effects and broader data exposure behavior.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill includes a `fix` capability that rewrites repository files, while the declared skill description presents it as a validator/checker. That mismatch is security-relevant because users or orchestrators may grant it read-only trust and invoke it without realizing it can modify source files, creating integrity and change-control risk.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The CLI help advertises an auto-fix command even though the skill metadata describes only validation/checking. In an agent setting, this hidden expansion of capability can cause unintended file modifications if downstream tooling assumes the skill is non-mutating based on its manifest.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The `fix` command is presented without any warning that it rewrites files, which increases the chance of accidental destructive or unexpected changes in a repository. In an agent setting, undocumented mutation is especially risky because automated workflows may run the command assuming it is a safe lint/check operation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
`fix_file` writes changes back to disk directly with `open(filepath, 'wb')` and there is no confirmation, backup, or safety interlock before modifying repository contents. In an automated workflow this can silently alter many files, break builds, or destroy formatting/encoding details users did not intend to change.

VirusTotal

66/66 vendors flagged this skill as clean.
