Funnel Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill contains a real funnel analyzer, but it also ships an under-described generic utility that stores local data and command history.

Review before installing. If you use it, prefer the intended scripts/funnel.sh workflow, avoid entering secrets or sensitive business metrics into the generic funnel-analyzer commands, and check ~/.local/share/funnel-analyzer for retained data if the generic script has been run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding:
The implemented script does not match the declared funnel-analysis purpose and instead acts as a generic local data/logger utility. This kind of capability mismatch is dangerous because it can mislead users into granting trust or providing business data under false expectations, while the tool quietly stores and exposes data in ways unrelated to the advertised skill.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding:
The inline description explicitly calls the tool a 'Multi-purpose utility tool', which contradicts the declared identity of a funnel analyzer. This inconsistency is a security concern because deceptive or ambiguous labeling can hide unexpected behaviors and undermines a user's ability to make informed trust decisions about the skill.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The script creates a persistent data directory and stores user-provided content in local files without any upfront notice or consent flow. In the context of an analytics skill, users may reasonably input sensitive business metrics or identifiers, so undisclosed persistence increases privacy and data-handling risk.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The _log function records command arguments to history.log, which can capture sensitive search terms, identifiers, or business data passed on the command line. Because this logging is silent and automatic, it creates a privacy leak and expands the blast radius of any local compromise or accidental file sharing.

VirusTotal

62/62 vendors flagged this skill as clean.