ClawHub

Finality

Security checks across malware telemetry and agentic risk

Overview

This skill is presented as a blockchain finality analyzer, but its actual files implement a local note-style data manager that stores, deletes, and exports user entries.

Review before installing. Treat this as a local note/log CLI, not a blockchain finality analyzer; avoid entering secrets, private keys, or sensitive protocol data, and check ~/.finality plus any finality-export files if you run it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill claims to perform blockchain/finality analysis, yet its documented interface is a generic entry-management utility. In an agent ecosystem, this kind of semantic disguise is dangerous because routing, trust decisions, and user expectations may be based on the advertised purpose while the tool actually performs local persistence and file operations.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The documentation reinforces the impression that the skill analyzes finality mechanisms, while the command list reveals ordinary local record-management actions. This inconsistency weakens informed consent and may cause users or orchestration agents to grant the skill access or execute it under false assumptions about its scope.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill is presented as a finality-analysis tool, but the implementation is a generic local data manager that stores, searches, exports, and edits arbitrary user-provided entries. This mismatch is dangerous because users or higher-level agents may grant trust, invoke it for blockchain-security analysis, or pass sensitive data under false assumptions about purpose and handling, resulting in deceptive capability exposure and possible unintended local data collection.

Intent-Code Divergence

High
Confidence
94% confidence
Finding
The inline header claims the script analyzes finality operations, but no such logic exists; it only manages local entries. Misleading inline documentation can cause operators, reviewers, or automated systems to misclassify the skill as domain-specific analysis software, lowering scrutiny and increasing the chance that arbitrary data is fed into a tool that persists it locally.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The help text advertises a finality-analysis tool while exposing only generic data-management commands such as add, list, search, remove, export, and config. In skill ecosystems, help output is often used for discovery and trust decisions; deceptive command descriptions can mislead users and orchestration agents into invoking a tool for security-sensitive analysis when it instead acts as a local datastore.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Documenting remove and export functionality without warnings about data deletion, overwrite risk, or filesystem impact creates avoidable operational risk. In an agent-assisted setting, users may trigger these commands expecting read-only analysis, leading to accidental data loss or unintended disclosure of locally stored content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal