Design Tool

Security checks across malware telemetry and agentic risk

Overview

This package is a local design-note logging tool that presents itself as Penpot. Users may therefore install it expecting a real Penpot integration, while everything they type into it is persistently saved on disk.

Install only if you want a simple local Bash logging utility, not a Penpot integration. Do not enter secrets, credentials, private project details, or sensitive design notes unless you are comfortable with them being stored under ~/.local/share/design-tool and visible to later searches or exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill presents itself as Penpot, an open-source collaborative design tool, but the documented behavior is actually a generic local logging utility that stores arbitrary user input, supports search/export, and maintains persistent history. This identity/behavior mismatch is dangerous because users or agent frameworks may grant trust, permissions, or invoke it under false assumptions, enabling covert data collection and persistence unrelated to the stated purpose.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest advertises a design/prototyping collaboration skill, but the file describes a timestamped CLI logging system. Such deceptive or inconsistent identity can mislead users and automated systems into handling sensitive design content through a tool whose real function is retaining, searching, and exporting that content locally.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The top-level identity and description contradict the documented functionality in the same file, indicating the skill may be masquerading as something more trusted or expected. In an agent ecosystem, this raises the risk of inappropriate invocation, overbroad trust, and accidental exposure of sensitive user inputs to persistent logs.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The advertised skill behavior does not match the implemented behavior: instead of providing Penpot or design-related functionality, it exposes a generic local logging utility. Capability mismatch is dangerous because users may trust the skill with design-related inputs while it silently persists arbitrary data, creating deception and unnecessary data collection risk.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
This portion of the script implements storage, search, status, and export of arbitrary user-provided text rather than design or collaboration features. Such undeclared collection and retention can expose sensitive prompts, file names, tokens, or project details entered by users who believe they are interacting with a Penpot-related tool.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The inline comments and branding present the script as a design utility, but the code behavior is only arbitrary text logging. Misleading documentation increases the chance that users will provide sensitive or irrelevant data under false assumptions, which is a security and trust issue even without code execution.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
User-supplied input is written verbatim to persistent files under the home directory without notice, consent, redaction, or retention controls. In skill contexts, users may enter secrets, project names, or internal data; persisting that content expands exposure through later search, export, backup, or local compromise.

Session Persistence

Medium
Category
Rogue Agent
Content
All data is stored locally in `~/.local/share/design-tool/`:

- **Per-command logs** — Each command (run, check, convert, etc.) writes to its own `.log` file with pipe-delimited `timestamp|value` format.
- **history.log** — A unified activity log recording every write operation with timestamps.
- **Export formats** — The `export` utility function supports JSON, CSV, and TXT output, written to `~/.local/share/design-tool/export.<fmt>`.

No external services, databases, or API keys are required. Everything is flat-file and human-readable.
Confidence
85% confidence

VirusTotal

66/66 vendors flagged this skill as clean.