zenTable

Security checks across malware telemetry and agentic risk

Overview

This skill needs Review because it directs the agent to fetch runnable code from an external GitHub release and appears to include OCR/API behavior beyond a simple table-rendering skill.

Install only if you are comfortable trusting the external GitHub release as much as the ClawHub package itself. Review the downloaded release contents, pin an exact version or hash if possible, and avoid granting broad local file or execution access unless you need the OCR/service features and understand what data they may process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch
Medium severity, 92% confidence

Finding: The deployment guide describes a second OCR service/container in addition to the stated table-rendering functionality, indicating the skill can provide image text extraction capabilities beyond its declared purpose. This scope expansion is dangerous because it weakens principle-of-least-privilege assumptions for reviewers and operators, and could enable processing of user-supplied images or text in ways not covered by the manifest or expected trust model.

Description-Behavior Mismatch
Medium severity, 95% confidence

Finding: The documentation advertises OCR endpoints, health checks, and configurable OCR backends, which materially extend the skill from rendering tables into text extraction infrastructure. Undeclared capabilities are risky because users and platform reviewers may grant the skill access or deployment approval under false assumptions, creating opportunities for unreviewed data handling and a broader attack surface.

Vague Triggers
Medium severity, 86% confidence

Finding: The `Zx` shorthand is defined as a strong auto-execution trigger with broad source selection and minimal follow-up, but its activation boundaries are not tightly constrained. In an agent environment, ambiguous triggers can cause the skill to run on unintended content from the current or previous context, increasing the risk of unauthorized processing, surprising tool use, or misuse of local execution capabilities.

VirusTotal

63/63 vendors flagged this skill as clean.
