ClawHub

Relay

Security checks across malware telemetry and agentic risk

Overview

The skill is framed as a relay and wiring helper, but it actually behaves like a local persistent note/config manager that can store, delete, and export user-entered data.

Install only if you want a simple local record store, not a real relay-logic or wiring-diagram helper. Do not enter secrets, plant details, or sensitive operational notes unless you are comfortable with plaintext storage under ~/.relay or RELAY_DIR, and review remove/export/config commands before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The implementation does not match the declared purpose of a relay logic/wiring helper and instead behaves as a generic local data logger and config manager. This mismatch is dangerous because users may provide sensitive operational or engineering data under false expectations, while the tool silently stores and manipulates that data locally with unrelated functionality.

Intent-Code Divergence

High
Confidence
93% confidence
Finding
The header comment advertises relay logic and wiring-diagram assistance, but the script only provides CRUD-style storage, search, export, and config editing. Misleading documentation increases the chance that users will trust the tool with sensitive relay or plant information and not realize the skill is persisting arbitrary data to disk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
User-provided entries are written to a persistent file in $HOME/.relay (or RELAY_DIR) without any clear warning, retention policy, or sensitivity guidance. In this skill context, users may enter relay status, wiring notes, or operational details, so silent local retention can expose sensitive infrastructure information to other local users, backups, or later unintended disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal