ClawHub

Netping

Security checks across malware telemetry and agentic risk

Overview

NetPing is a disclosed command-line network diagnostics skill, but its scan and subnet sweep features should only be used on systems you are authorized to test.

Install only if you need command-line network diagnostics. Use port scans, traceroute, HTTP checks, and subnet sweeps only on hosts or networks you own or have explicit permission to test, because those actions generate network traffic and may trigger monitoring or policy violations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and relies on shell-based networking operations but does not declare permissions, which creates a transparency and trust problem for any platform enforcing capability boundaries. Because the commands include active network probing and shell execution, users or orchestrators may invoke it without understanding that it can perform scans and outbound requests.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The stated description undersells the full behavior of the skill: beyond simple ping, port, and DNS checks, it also supports traceroute, HTTP probing, latency measurement, and subnet-wide host discovery. That mismatch is dangerous because broader reconnaissance capabilities can be hidden behind a seemingly routine diagnostics tool, increasing the chance of misuse or unauthorized internal network enumeration.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script exposes additional capabilities beyond the declared skill description, including traceroute, HTTP probing, latency measurement, and subnet sweeping. Undocumented network-enumeration features reduce transparency and can bypass user or platform expectations about what the skill is allowed to do, increasing the risk of misuse in an agent environment.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The subnet sweep command performs active host discovery across up to 254 addresses, which is materially broader than simple reachability testing or DNS lookup. In an agent context, this enables network reconnaissance of internal or adjacent networks and could be abused for unauthorized discovery, making the capability more dangerous than the stated purpose suggests.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal