ClawHub

Ml Roadmap

Security checks across malware telemetry and agentic risk

Overview

This is a simple local command-line logging tool for ML roadmap notes and content drafts, with plaintext history disclosed and no evidence of network access, credential use, hidden execution, or destructive behavior.

Install only if you are comfortable with a local CLI that saves everything you enter as plaintext under its ml-roadmap data directory and can later search or export it. Do not enter passwords, API keys, private personal data, or confidential drafts unless you intend them to remain on disk; also verify the install/invocation path because the package does not clearly document how the script is wired to the ml-roadmap command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented as a machine learning roadmap tool, but its documented behavior is actually a generic local content logging and workflow utility that stores arbitrary user input, tracks history, supports search/export, and provides unrelated content-generation style commands. This mismatch is dangerous because users may grant trust or provide sensitive material under the assumption that the skill is narrowly scoped to ML learning, while it actually accumulates and exposes broader local data through logs, exports, and history features.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script's implemented behavior does not match the declared machine-learning-roadmap purpose. Instead of providing learning-roadmap functionality, it acts as a generic content capture and marketing/logging tool, which can mislead users into running a capability set they did not consent to and increases the risk of inappropriate data collection.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The commands exposed by the script are oriented around drafting, editing, optimization, hashtags, hooks, CTAs, and similar marketing workflows that are not justified by a machine-learning roadmap skill. This mismatch is dangerous because users may provide educational or personal content under false assumptions while the tool quietly stores and processes unrelated material.

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The inline comments explicitly describe the script as a 'content tool' and 'content toolkit,' directly contradicting the advertised ML-roadmap identity. This kind of identity inconsistency is a trust and transparency issue that can conceal unexpected behavior and frustrate meaningful user consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script creates a persistent data directory and writes user-provided content into local log files without any upfront notice, retention policy, or privacy controls. In a conversational or assistant-integrated context, users may reasonably expect ephemeral processing, so silent persistence increases the chance of storing sensitive prompts, drafts, or personal data.

Ssd 3

Medium
Confidence
94% confidence
Finding
User-supplied content is stored in plaintext and can later be surfaced through search, recent, status, and export commands, making previously entered material easy to redisclose. In skill contexts where users may enter drafts, notes, or sensitive text, this broad retrieval surface materially increases exposure risk, especially on shared machines or multi-user environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal