Boggle Solver

Security checks across malware telemetry and agentic risk

Overview

This skill is a Boggle solver whose only notable side effect is a disclosed first-run download of dictionary data needed for solving boards.

Install if you are comfortable with the skill downloading large dictionary text files from GitHub on first use and caching them locally. For offline or high-integrity environments, preinstall or review the dictionaries and consider pinning/verifying their hashes before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill advertises itself as a local, dictionary-based solver, yet its documented behavior includes file access and network retrieval of dictionaries. Undeclared network and file-read capabilities expand the trust boundary and can surprise users or hosting systems that rely on the manifest to understand what the skill may do.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The manifest and top-level description present the skill as a local dictionary solver, but the documentation reveals that it downloads dictionaries from GitHub on first run. This discrepancy is security-relevant because users and reviewers may approve a seemingly offline skill that actually performs network access and ingests remote content.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The documentation claims words are validated exclusively against bundled dictionaries, but later states the dictionaries are auto-downloaded if missing. Conflicting claims about whether data is bundled or fetched remotely can mask supply-chain and privacy risks, because runtime behavior depends on external content rather than solely packaged assets.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The script silently fetches missing dictionary files from a remote GitHub URL at runtime, introducing unexpected network access and a software supply-chain dependency into what is described as a local board-solving skill. If the remote content changes, is compromised, or traffic is intercepted in a hostile environment, the skill's behavior and outputs can be influenced without any local package update or integrity verification.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
This code gives the skill outbound network capability to download data from an external GitHub endpoint even though the skill's purpose does not require network access during normal operation. That expands the attack surface, can violate sandbox or privacy expectations, and creates risk of remote content manipulation or operational failure if the endpoint is unavailable.

VirusTotal

66/66 vendors flagged this skill as clean.
