Plc

Security checks across malware telemetry and agentic risk

Overview

The skill appears to present itself as a PLC helper while actually storing and managing generic user data locally. This mismatch needs review before installation.

Install only after checking the actual SKILL.md and scripts to confirm what data is stored in ~/.plc, how remove/export/config commands behave, and whether this is truly the PLC helper you expect. Avoid entering sensitive operational notes, credentials, or secrets unless the storage behavior is clearly documented and acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The script’s declared purpose is a PLC programming helper, but its actual behavior is a generic local datastore that records arbitrary user input and configuration values. This mismatch is dangerous because it can mislead users and reviewers into granting trust or permissions under false pretenses, while the tool quietly collects and persists unrelated data.

Intent-Code Divergence

High
Confidence: 97%
Finding
The inline comments and help text reinforce a false PLC-related cover story even though the code only manages generic entries and config data. In a skill ecosystem, deceptive documentation increases social-engineering risk by causing operators to misclassify the tool as domain-specific and safe, when it actually performs unrelated persistent data collection.

Missing User Warnings

Medium
Confidence: 81%
Finding
The skill documents file-affecting operations such as remove, export, and config changes without warnings, confirmation requirements, or safety notes. In an agent context, this can lead to unintended deletion or modification of local user data in ~/.plc/, especially if the model invokes commands automatically or on ambiguous prompts.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script persistently stores user-supplied data in a hidden directory under the user’s home path without any meaningful warning, retention controls, or privacy notice. In the context of an allegedly PLC-focused helper, users may enter sensitive operational notes or credentials, not realizing they are being written to disk indefinitely.

VirusTotal

66/66 vendors flagged this skill as clean.
