File Finder

Security checks across malware telemetry and agentic risk

Overview

This file-search skill mostly does what it claims, but its local filesystem commands are broadly scoped and some arguments are handled unsafely enough to warrant review before installation.

Install only if you are comfortable with a local script scanning directories you point it at. Avoid running it on sensitive home, credential, or system directories, and do not pass paths or arguments from untrusted text. Duplicate results should be treated as candidates only, because the script hashes only the first 64KB of matching-size files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
78% confidence
Finding
The skill advertises filesystem search behavior, which inherently requires reading directory and file metadata, but the manifest does not declare any corresponding permission. That mismatch weakens security transparency and can cause the platform or user to authorize behavior they were not clearly informed about, increasing the risk of unintended filesystem exposure.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The stated purpose is a simple file finder, but the detected capabilities extend into filesystem inventory, duplicate detection, directory summarization, and modification-time/size analysis. That broader behavior increases privacy and reconnaissance risk because the skill can reveal sensitive structure and file characteristics beyond what a user would reasonably expect from the description.

Vague Triggers

Medium
Confidence
72% confidence
Finding
Generic triggers like help, run, info, and status provide little indication of what actions are permitted, and 'run' is especially broad. In an agent environment, vague command names can lead to accidental invocation of sensitive functionality or make policy enforcement harder because the command contract is underspecified.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## Usage

Run any command: `file-finder <command> [args]`

---
> **Disclaimer**: This skill is an independent, original implementation. It is not affiliated with, endorsed by, or derived from the referenced open-source project. No code was copied. The reference is for context only.
Confidence
94% confidence
Finding
Run any command

VirusTotal

64/64 vendors flagged this skill as clean.
