Safe Shell

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only shell helper, but its safety claims are stronger than its actual controls and it can expose sensitive local or network information.

Use this only as a best-effort command filter, not as a secure sandbox. Review each command before execution, avoid dumping environment variables or private files, and require explicit approval for network diagnostics or broad filesystem reads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The document claims 'zero execution' and bans interpreters/PowerShell, but later explicitly allows PowerShell cmdlets and even provides PowerShell examples. This contradiction can cause implementers or agents to apply inconsistent safeguards, potentially allowing a broader execution surface than intended. In security controls, ambiguous policy is dangerous because attackers exploit edge cases and confused enforcement.

Intent-Code Divergence

Medium
Confidence: 81%
Finding
The skill claims 'completely forbids modification' and 'zero risk,' yet its allowlist includes commands that can trigger external interaction or have side effects depending on flags, environment, or platform behavior, such as ping, traceroute, and some system query utilities. Overstating safety encourages over-trust and may lead operators to run the skill in sensitive environments without adequate restrictions. Context makes this more dangerous because the entire value proposition is safety.

VirusTotal

56/56 vendors flagged this skill as clean.