Localsend

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent LocalSend helper, but it asks the agent to auto-accept nearby network transfers and offers post-receive actions like install, deploy, extract, and preview on untrusted files.

Install only if you are comfortable trusting an external localsend-cli script and using this on a trusted local network. Before receiving, understand that auto-accept can save files from nearby devices into the workspace; avoid using the install, deploy, extract, or preview actions on files unless you trust the sender and have inspected the content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium, 95% confidence
Finding
The skill's receive workflow extends beyond file transfer into higher-risk post-receive actions such as deploy, install, extract, and preview. This broadens the trust boundary from passive receipt to active handling or execution of untrusted content, which can lead to code execution, unsafe deployment, or user manipulation if a malicious file is sent.

Description-Behavior Mismatch

Medium, 96% confidence
Finding
Documenting extract, deploy, preview, and install actions as part of the normal receive flow encourages the agent to treat untrusted inbound files as immediately actionable. In a file-transfer skill, this is dangerous because nearby-network senders can deliver archives, scripts, or apps that the skill then helps operationalize, increasing the chance of compromise.

Missing User Warnings

Medium, 92% confidence
Finding
The receive mode uses auto-accept (-y) and presents the receiver as ready without a prominent warning that any nearby LocalSend client may push files into the workspace. This reduces user awareness and consent, making spam, storage abuse, and delivery of malicious payloads more likely.

Missing User Warnings

Medium, 98% confidence
Finding
The protocol explicitly states that clients skip TLS certificate verification while using self-signed certificates, which defeats authentication and makes HTTPS encryption vulnerable to man-in-the-middle attacks on the local network. In a nearby-device file transfer context, an attacker on the same network can impersonate a device, intercept transfers, or inject malicious content without users being able to detect it.

Ssd 3

Medium, 83% confidence
Finding
The state-handling rule instructs the agent to immediately forward whatever file or text the user provides, without normal review or discussion. While intended to streamline UX, it removes opportunities to validate paths, confirm unexpected content, or detect misuse such as sending unintended local files or sensitive data.

Ssd 3

Medium, 90% confidence
Finding
The skill instructs the agent to immediately surface received files in chat, including previews and file details. That can expose sensitive content from incoming transfers back into the conversation context or UI, which is especially risky for images, documents, and code that may contain secrets or manipulative content.

VirusTotal

66/66 vendors flagged this skill as clean.