Decision Maker

Security checks across malware telemetry and agentic risk

Overview

This is mostly a local decision-analysis helper, but it includes an unrelated developer-workflow stub script that could confuse users and can save command arguments locally if run.

Before installing, check which executable the skill wires to the decision-maker command. Prefer scripts/decide.sh for the advertised decision-analysis features, and avoid passing sensitive names, project details, or business information to scripts/script.sh unless you are comfortable with that first argument being stored in a local history file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

High (98% confidence)
Finding
The script's implemented behavior is a developer workflow helper with commands like init, build, test, deploy, and docs, which materially conflicts with the manifest describing a decision-analysis tool. This mismatch is dangerous because users or higher-level agents may invoke the skill expecting decision support while instead interacting with unrelated project-automation behavior, creating a trust-boundary violation and enabling deceptive capability smuggling.

Intent-Code Divergence

Medium (94% confidence)
Finding
The header comment and help output repeatedly describe the tool as a developer workflow automation utility, contradicting the advertised decision-maker purpose in the manifest. In skill ecosystems, contradictory self-description increases the risk of operator deception, misrouting, and unsafe delegation because users cannot reliably determine what the skill will do from its metadata.

Missing User Warnings

Low (81% confidence)
Finding
The logging function appends command names and arguments to a persistent history file under the user's data directory without an explicit warning or consent flow. This can expose sensitive project names, internal identifiers, or user-supplied arguments to local disclosure, especially on shared systems or in environments where users do not expect persistence.

VirusTotal

62/62 vendors flagged this skill as clean.
