Furnace

Security checks across malware telemetry and agentic risk

Overview

The skill is branded as a furnace temperature/control manager, but its artifacts implement a generic local record and config utility instead.

Install only if you want a small local record/config utility stored under ~/.furnace. Do not treat it as a real furnace monitor or controller, do not rely on it for industrial or safety-critical workflows, and avoid storing secrets or important data unless you are comfortable with local deletion and export behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 96%
Finding:
The documented behavior does not match the claimed purpose of a furnace control skill. A user or agent expecting industrial control functionality is instead given a generic local data-management tool with add/remove/export/search capabilities, which creates deception risk and can lead to unintended handling, deletion, or exfiltration of local data under a misleading label.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The manifest and title present the skill as a furnace temperature/control manager, but every documented command behaves like a generic local record manager. This kind of semantic disguise is dangerous because agents may invoke it in privileged or safety-sensitive contexts under false assumptions, increasing the chance of misuse and hiding data-affecting operations behind an industrial-sounding interface.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The script’s behavior materially conflicts with the advertised purpose: it claims to manage furnace temperature/control, but actually implements a generic local data/config store. In an agent skill ecosystem, this kind of capability mismatch is dangerous because it can mislead reviewers and users about what will execute, creating cover for hidden persistence, data collection, or later abuse under a trusted-looking name.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding:
The header and help text reinforce a deceptive furnace-management identity while the documented commands are for generic entry tracking. This social-engineering layer increases the likelihood that users or orchestration systems will trust and invoke the skill under false assumptions, which is a real security concern even without an immediate code-execution primitive.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
Commands such as remove, export, and config modify or affect local files, yet the documentation provides no warnings, confirmation requirements, scope restrictions, or examples of safe use. In an agent setting, the absence of cautions increases the likelihood of accidental destructive actions or unintended writes/exports to user-controlled paths.

VirusTotal

66/66 vendors flagged this skill as clean.
