Sort

Security checks across malware telemetry and agentic risk

Overview

This is mostly a local sorting tool, but it persistently records a history of the files it touches, and its json command has a Python fallback (used when jq is unavailable) that can execute unintended local code when given crafted input.

Install only after review. Avoid using it on sensitive filenames or private data unless you accept a persistent usage log at ~/.local/share/sort/history.log. Prefer having jq installed, and do not use the json command with untrusted file paths or keys until the Python fallback is rewritten to pass them as arguments rather than splicing them into the code it runs.
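The fallback risk described above, as an added illustration that is not the Sort project's own code: a jq-less JSON lookup written the unsafe way (path and key interpolated into Python source) beside the safe way (path and key passed through sys.argv). The function names, the sample file and the crafted key are assumptions made for this demo; the real script's code is not shown on this page.

```sh
#!/bin/sh
# Added illustration, not code from the Sort project: the two ways a shell
# script can hand a file path and key to a Python JSON fallback. Function
# names, the payload and the sample file are assumptions made for this demo.

# UNSAFE: the path and key are spliced into the Python source text, so a key
# containing a quote closes the string literal and the rest is run as code.
json_get_unsafe() {
  file=$1
  key=$2
  python3 -c "import json; print(json.load(open('$file'))['$key'])"
}

# SAFE: the Python source is a fixed single-quoted literal; path and key are
# passed as argv entries and only ever handled as data.
json_get_safe() {
  python3 -c '
import json, sys
with open(sys.argv[1]) as fh:
    print(json.load(fh)[sys.argv[2]])
' "$1" "$2"
}

# A crafted key that turns the unsafe variant into arbitrary code execution.
# Here the injected statement only prints a marker; a real payload could
# call os.system() just as easily.
EVIL_KEY="x']); print('INJECTED'); #"

demo() {
  d=$(mktemp -d)
  printf '{"x": "hello"}\n' > "$d/data.json"   # constructed sample input
  echo "unsafe, normal key:  $(json_get_unsafe "$d/data.json" x)"
  echo "unsafe, crafted key: $(json_get_unsafe "$d/data.json" "$EVIL_KEY")"
  echo "safe, normal key:    $(json_get_safe "$d/data.json" x)"
  echo "safe, crafted key:   $(json_get_safe "$d/data.json" "$EVIL_KEY" 2>/dev/null || echo '(KeyError, nothing executed)')"
  rm -rf "$d"
}

if [ "${1-}" = demo ]; then demo; fi
```

Run it as `sh sort_json_demo.sh demo`. The safe variant fails the crafted key with a plain KeyError because the key is compared as a string; the unsafe variant prints the marker, which is exactly the behaviour the overview warns about. The same argv discipline applies whatever interpreter the fallback uses.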

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding: The skill advertises itself primarily as a sorting utility, but the documented behavior extends into analytics functions and persistent history logging. The logging is the most security-relevant mismatch: users may invoke the skill on sensitive file paths or data without realizing that usage metadata is written to disk, creating privacy and data-retention risk beyond the stated purpose.

Description-Behavior Mismatch

Severity: Low
Confidence: 98%
Finding: The script creates a persistent per-user data directory and stores operation history in a log file, even though the advertised purpose is sorting and deduplication. Logging accessed file paths, commands, and parameters can expose sensitive filenames, workflows, and data usage patterns without user awareness or consent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding: The log_operation function writes every invocation to a persistent history file, which is unrelated to core sorting behavior and therefore an unjustified capability. This creates a covert data-retention channel that can leak operational metadata and potentially sensitive filenames across sessions.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding: The script writes file operation history to a persistent location under the user's home directory without any user-facing warning, prompt, or consent. In agent environments, this can silently accumulate sensitive metadata about processed files and user activity, making the behavior more dangerous than in a standalone local utility.
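The four findings above all point at the same missing control: history is written unconditionally, in full, with no consent. As an added example that is not the Sort project's code, this is what an opt-in log_operation looks like. It assumes the history path from the overview (~/.local/share/sort/history.log), a SORT_HISTORY=1 environment variable as the opt-in switch, and a record format that stores a checksum of the path instead of the path; all three are choices made here, not the project's.

```sh
#!/bin/sh
# Added illustration, not the Sort project's code: an opt-in log_operation.
# Assumed: the history file lives under ~/.local/share/sort as the overview
# states, SORT_HISTORY=1 is the opt-in switch, and records carry a checksum
# of the path rather than the path itself.

history_file() {
  printf '%s/sort/history.log' "${XDG_DATA_HOME:-$HOME/.local/share}"
}

# Record an operation only when the user has explicitly opted in. The record
# keeps the command name and a cksum of the path, so repeated work on one
# file is still correlatable by the user, but the filename never reaches
# disk. cksum is a CRC, not a secret hash: it keeps the name out of a casual
# reader's view, nothing more.
log_operation() {
  cmd=$1
  path=$2
  [ "${SORT_HISTORY:-0}" = 1 ] || return 0
  f=$(history_file)
  # Create directory and file as 0700/0600 so other local users cannot read
  # the history; the subshell keeps the umask change local.
  (umask 077; mkdir -p "$(dirname "$f")"; : >> "$f")
  digest=$(printf '%s' "$path" | cksum | cut -d' ' -f1)
  printf '%s %s path=cksum:%s\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$cmd" "$digest" >> "$f"
}

# Check a practitioner can run against an existing install: returns 0 when
# the history file is absent or owner-only (-rw-------), 1 otherwise.
history_is_private() {
  f=$(history_file)
  [ -e "$f" ] || return 0
  case "$(ls -ld "$f")" in
    -rw-------*) return 0 ;;
    *) return 1 ;;
  esac
}

demo() {
  HOME=$(mktemp -d); export HOME          # keep the demo out of the real home
  unset XDG_DATA_HOME SORT_HISTORY
  log_operation sort /home/alice/patients.csv   # no opt-in: nothing written
  [ -e "$(history_file)" ] || echo "no opt-in, no history file"
  SORT_HISTORY=1; export SORT_HISTORY
  log_operation sort /home/alice/patients.csv
  log_operation dedupe /home/alice/patients.csv
  cat "$(history_file)"
  history_is_private && echo "history file is owner-only"
  rm -rf "$HOME"
}

if [ "${1-}" = demo ]; then demo; fi
```

Run it as `sh sort_history_demo.sh demo`. Against the skill as described, the quickest check is the last function: point it at the real ~/.local/share/sort/history.log and see both whether the file exists at all and whether anything beyond the owner can read it.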

VirusTotal

65/65 vendors rated this skill clean. This is a malware-signature verdict on the artifact; it says nothing about the behavioral findings above (persistent history logging and the unsafe JSON fallback), which are outside what file-scanning engines assess.