Dev Setup

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local setup logbook rather than the Mac provisioning tool it advertises, so it should be reviewed before installation.

Install only if you want a local plaintext activity logger for setup notes, not an automated Mac provisioning tool. Do not enter passwords, API keys, tokens, private hostnames, or sensitive command output, and review or delete ~/.local/share/dev-setup before sharing any exported files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The manifest presents a macOS provisioning/install skill, but the file content describes a local timestamped logging CLI unrelated to environment setup. In an agent ecosystem, this kind of semantic deception can cause the wrong skill to be selected and can lead to unintended collection and retention of sensitive setup-related information under the guise of harmless provisioning.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The top-level description and command docs explicitly reframe the skill as a logging and tracking toolkit, contradicting the setup/provisioning purpose declared in metadata. This inconsistency increases the chance of misuse by humans or automated agents and makes accidental disclosure more likely because broad commands may be used to record operational context rather than perform setup tasks.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The script's behavior is materially inconsistent with the stated purpose of provisioning macOS development environments. Instead of setup actions, it mainly collects, stores, searches, and exports user-provided inputs, which can mislead users into supplying operational or sensitive data under false pretenses and expands data-handling risk without a legitimate need.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The logging, search, and export capabilities are unrelated to a dev-environment bootstrap tool and create an unnecessary mechanism for collecting and redistributing user input. In this skill context, the mismatch makes the functionality more suspicious because users may provide shell commands, tokens, hostnames, or configuration details expecting installation behavior rather than durable storage.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The header and help text present the script as a 'Dev Setup' utility, but the commands do not perform setup actions. This deceptive framing increases the likelihood that operators will trust and run it in privileged provisioning workflows, where captured inputs may include sensitive environment details or administrative commands.

Vague Triggers

Medium
Confidence: 88%
Finding
Commands like run, check, analyze, generate, preview, and export are extremely broad, common verbs that overlap with ordinary user intent and other tools. In a skill-selection context, such ambiguous triggers can cause accidental invocation, leading to unintended logging, searching, or export of sensitive content that users did not intend to persist.

Missing User Warnings

Medium
Confidence: 97%
Finding
User-supplied command inputs are written verbatim to persistent log files without any warning, consent, or filtering. In a dev-setup context, those inputs can easily contain secrets, internal paths, hostnames, package sources, or operational notes, creating confidentiality and compliance risks if the local account or exported files are later accessed.

Missing User Warnings

Medium
Confidence: 96%
Finding
The export function aggregates previously captured log contents into new files, increasing the blast radius of any sensitive data already stored. By copying multiple logs into a single export artifact without warning, the script makes exfiltration, accidental sharing, and long-term retention more likely.

VirusTotal

65/65 vendors flagged this skill as clean.
