Dialog

Security checks across malware telemetry and agentic risk

Overview

This skill is labeled as a dialog UI/design generator, but it actually provides a local entry database that stores, searches, deletes, and exports user-provided data.

Review this as a local JSONL entry-management CLI, not as a dialog UI/design generator. Install only if you intentionally want a tool that stores user-entered text under ~/.dialog or DIALOG_DIR and can export it; avoid entering secrets or sensitive project data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill advertises itself as a frontend/UI dialog generator, but the documented commands implement a persistent local record-management tool with storage, search, deletion, export, and configuration behavior. This mismatch is dangerous because users or orchestrators may grant or invoke the skill under false assumptions, leading to unintended local data creation, retention, and export that falls outside the declared purpose.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest says this skill generates dialog UI elements and design assets, while the command set clearly describes a CRUD-style local datastore. In agent ecosystems, this kind of semantic deception can cause incorrect trust decisions, policy bypass, or unsafe invocation paths because reviewers and users rely on the manifest to understand what a skill is allowed to do.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documentation repeatedly frames the skill as frontend/UI generation, yet the operational details document storage-oriented behavior in a local directory. That inconsistency increases danger because it obscures the true security-relevant actions of the skill, especially persistence and export, which could be used to collect or exfiltrate sensitive local content under an unrelated-looking label.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The declared skill purpose is generating dialog UI/design assets, but the script actually implements a persistent local datastore and record-management CLI. This mismatch is dangerous because it creates hidden functionality that users and orchestrators would not expect, enabling covert data collection and file manipulation under an innocuous design-oriented label.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script persists user-provided content into a hidden local directory under the user's home directory, despite the skill being presented as a UI/design generator. In this context, undisclosed storage is risky because it can silently retain potentially sensitive prompts or data and establishes unexpected statefulness that could be abused for tracking or later exfiltration.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Search, remove, export, and config-management capabilities materially extend the script beyond its stated UI/design purpose into local data administration. In a mislabeled skill, these features increase the operational surface for manipulating and extracting stored information, making the hidden persistence more actionable and more suspicious.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The comments and help text explicitly claim design-generation functionality while the actual commands operate on stored entries and configuration data. This deceptive presentation undermines trust and can cause users or agent frameworks to invoke the tool under false assumptions, which is especially dangerous for security review and consent.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The file documents persistent storage in ~/.dialog and export-to-file behavior without clearly warning users that invoking the skill will create, retain, and write local files. While this is less severe than the description mismatch, it still creates security and privacy risk because users may unknowingly persist sensitive information or leave recoverable artifacts on disk.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The script writes user-supplied entries to persistent local storage without warning in the help text or comments. Even if not overtly exfiltrating data, silent retention can expose sensitive information to other local processes, backups, or future export operations, and violates user expectations for a purported UI-generation tool.

VirusTotal

65/65 vendors flagged this skill as clean.