ClawHub

Stopwatch

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a stopwatch/timer, but the artifacts mainly implement persistent local text logging with search/history behavior.

Install only if you want a local timestamped logbook, not a real stopwatch or countdown timer. Avoid entering secrets, credentials, private notes, or sensitive operational details, because entries are stored under ~/.local/share/stopwatch and may be searchable or redisplayed later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest advertises stopwatch, timer, and lap tracking, but the body describes a broad timestamped logging framework with history, search, stats, and export. In an agent ecosystem, this kind of semantic mismatch can cause unsafe tool selection and accidental routing of sensitive task content into persistent local storage.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The command set does not implement stopwatch or timer semantics and instead exposes generic record-keeping operations such as generate, batch, config, report, and export. That makes the skill materially more dangerous than advertised because users may provide arbitrary operational or sensitive text believing they are interacting with a harmless timing tool.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The implementation materially diverges from the advertised stopwatch/timer/lap-tracking purpose and instead exposes a generic input logging toolkit with unrelated commands. This mismatch is dangerous because users may trust the skill with task data under the assumption of a simple timing utility, while the script actually creates persistent records and auxiliary data-handling features not justified by the declared function.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The core command handlers do not implement stopwatch behavior at all; they merely append arbitrary user input to persistent log files and echo it back. In the context of a timing skill, this is a deceptive data-capture mechanism that can collect sensitive free-form text while providing none of the promised functionality.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Search, export, recent-history, and reporting functions over historical inputs create a secondary data retrieval surface that is unnecessary for a basic stopwatch utility. These capabilities increase the chance that previously entered content is exposed to other local users, terminal history viewers, or downstream tools consuming exported files.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The documentation does not prominently warn that user-provided input is written to persistent local log files and may later be exported. Even if storage is local only, the lack of clear disclosure creates privacy and data-handling risk because users may enter secrets, internal notes, or other sensitive content unintentionally.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persistently stores user-provided text in local log files without any prominent notice, consent flow, or retention controls. Users of a stopwatch utility are unlikely to expect their arbitrary command input to be archived, so this creates a privacy and accidental secret-retention risk.

Ssd 3

Medium
Confidence
94% confidence
Finding
By recording arbitrary natural-language inputs and later redisplaying them through recent/search/export/status flows, the tool creates a durable disclosure path for anything a user typed, including secrets or sensitive operational notes. In a skill presented as a stopwatch, this context makes the behavior more suspicious because such retention is not functionally necessary and is likely unexpected.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal