Reliability Evidence Pack

Security checks across malware telemetry and agentic risk

Overview

This local reliability logging tool is not malicious, but its validation and integrity guarantees are materially weaker than its documentation suggests.

Install only if you are comfortable treating REP as a local logging and demo validation toolkit, not as authoritative tamper-evident audit infrastructure. Isolate the artifacts directory, redact sensitive context before sharing, and avoid the GitHub Action's automatic external package install path unless you pin and review the dependency source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 95%

Finding: The CLI advertises `--verify-hash` as if it performs real content-hash verification, but the implementation later states that actual verification is not supported and only performs a limited comparison. This can cause users or downstream automation to trust tampered artifacts as verified, undermining integrity guarantees for audit or chain-of-custody workflows.

Intent-Code Divergence

Severity: Medium
Confidence: 92%

Finding: The cross-reference validator operates on raw input items but checks fields such as `item.ok` and `item.artifact_type` that exist only on validated result objects, so the intended XREF checks are effectively skipped. In a validation tool, silently failing to enforce claimed bundle-reference integrity can let broken or malicious artifact bundles appear valid to operators and automation.

Intent-Code Divergence

Severity: Medium
Confidence: 97%

Finding: The integrity-check logic explicitly treats legacy v0.x artifacts with mismatched hashes as valid, even after recomputing a different value. That creates a tamper-detection bypass: modified legacy artifacts can pass integrity checks and be trusted by operators or downstream tooling despite failed verification.

Intent-Code Divergence

Severity: Medium
Confidence: 98%

Finding: The generate command fabricates random content_hash values instead of deriving them from artifact content, so generated artifacts carry meaningless integrity metadata. Any workflow that relies on these hashes for authenticity or tamper detection will be misled, and later verification will fail or produce inconsistent trust decisions.

Missing User Warnings

Severity: Low
Confidence: 78%

Finding: The spec explicitly tells subagents to append artifact records to local JSONL files, including operational context and potentially sensitive audit content, without requiring consent, disclosure, retention controls, or sanitization. In agent environments, silent persistence to disk can leak secrets, user data, or internal state into files that may be world-readable, backed up, exported, or later exfiltrated.

VirusTotal

VirusTotal findings are pending for this skill version.