File Converter

Security checks across malware telemetry and agentic risk

Overview

This is a local file conversion utility with documentation drift, but no evidence of exfiltration, destructive behavior, credential use, or hidden persistence.

Reasonable to install for local file conversion. Treat it as a broader file utility than the short manifest implies, and only run it on files you are comfortable having displayed in the agent session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The skill metadata describes a narrower converter than the documented command set, which includes additional data transformation and file-inspection features. This mismatch is dangerous because users and policy systems may grant trust based on the declared purpose while the skill performs broader operations on local content, increasing the chance of misuse or unintended data exposure.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The manifest header and the body documentation advertise different capabilities and command sets, creating ambiguity about what the skill actually does. This undermines review, user consent, and automated policy enforcement because operators may rely on incomplete or inconsistent documentation when deciding whether to install or invoke the skill.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill implements extra commands (such as md2csv, xml2json, json2xml, minify, and prettify) that are not declared in the manifest. This expands the skill's effective attack surface beyond what users, reviewers, and policy enforcement may expect, creating a capability mismatch that can hide risky functionality and bypass command-level scrutiny.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script exposes a much broader command surface than the skill metadata claims, including HTML conversion, SQL generation, encoding, file inspection, and hex dumping. This is dangerous because hidden or undeclared capabilities bypass user and platform expectations, increasing the chance the skill is invoked for unintended data handling or disclosure workflows and making security review incomplete.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The binary inspection and encoding utilities (`hex`, `base64-enc`, plus file metadata via `detect/stats`) are outside the stated file-format conversion scope and can be used to inspect or transform arbitrary local file contents. In an agent skill context, that expanded functionality increases the risk of unintended sensitive data exposure, especially when users or orchestrators believe the tool is limited to benign format conversion.

VirusTotal

66/66 vendors flagged this skill as clean.
