ClawHub

Animation

Security checks across malware telemetry and agentic risk

Overview

This is a local animation-snippet generator with disclosed file storage and export behavior, but users should be careful with output paths and generated HTML previews.

Install only if you are comfortable with a local Bash/Python script creating ~/.animation/data.jsonl and writing export or preview files. Do not pass sensitive system paths to --output, and treat generated preview.html files as code you created before opening or sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly describes reading and writing local files (`~/.animation/data.jsonl`, exported files, and preview HTML) and likely uses environment/home-directory context, yet it declares no permissions or user-facing consent model. This creates a transparency and safety gap: an agent may invoke filesystem-affecting behavior without the user understanding that persistent local state and file creation will occur.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The export and preview features allow writing attacker-controlled content to arbitrary filesystem paths via --output, which exceeds the stated animation-snippet purpose and can overwrite user files. In an agent context, unrestricted file writes are dangerous because they can be abused to plant HTML/CSS artifacts, replace config files, or drop content into sensitive locations accessible to the current user.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code opens whatever path is supplied in --output with write mode and no validation, enabling arbitrary file overwrite with the privileges of the invoking user. Even though this is framed as export functionality, in a tool-call or agent workflow this becomes a generic file-write primitive that can be misused beyond the animation domain.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The preview command generates a full HTML document from stored animation data and writes it to disk, which is more than simple snippet generation and creates a potentially active content file. Because animation names and code are user-controlled and inserted into HTML/CSS, this can produce unsafe local HTML artifacts that may execute script-like payloads when opened in a browser.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The skill stores animation records persistently in `~/.animation/data.jsonl`, but the description does not prominently warn users that data will be written to their home directory. While not inherently malicious, silent persistence can expose sensitive generated content, surprise users, and violate expectations in environments where local writes should be opt-in.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The `preview` command creates a local HTML file, but that side effect is not surfaced as a clear warning alongside the command description and examples. Generating browser-openable HTML can be a meaningful filesystem side effect and, depending on included content, may introduce privacy or trust concerns if users do not expect a file to be created.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The preview command writes directly to preview.html or a user-specified path without prompting, warning, or overwrite protection. Silent file creation/overwrite is risky in automated environments because it can unexpectedly replace user content or create executable/viewable artifacts without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal