Context Onboarding

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple read-only onboarding helper, but users should only point it at documentation they are comfortable printing into agent output.

Install only if you want a helper that prints excerpts from onboarding documents. Use the default files or explicitly approved markdown/docs, and avoid passing secrets, SSH keys, config files, home directories, or system paths through --files or --workspace because selected snippets will appear in agent output or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill advertises and documents execution of a Python script that reads workspace files, accepts arbitrary file paths via --files, and can target another directory via --workspace, yet the skill declares no permissions. This mismatch is dangerous because it hides file-system access and possible shell/code-execution capability from the permission model, reducing user visibility and consent around what the skill can access.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding:
The skill advertises a constrained onboarding function for a fixed set of identity documents, but the --files argument allows callers to request arbitrary filenames under the chosen workspace. That expands the tool into a general file disclosure primitive for any readable file in the workspace, which is broader than the stated purpose and can expose sensitive project data if an agent uses it on untrusted instructions.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding:
The summarize_files/load_snippet flow reads and prints file contents directly from disk based on user-controlled inputs, creating a reusable file-reading capability rather than a narrowly scoped onboarding helper. In an agent setting, even limited local file read access can become dangerous because prompt instructions or tool chaining may coerce the skill into revealing secrets, credentials, or other sensitive workspace contents.
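The second and third findings describe the same root cause: --files and --workspace are passed through to the file system with no containment check, so the onboarding helper doubles as a general file-read primitive. The block below is an added example, not the Context Onboarding skill's own code, of how a loader with that shape can be scoped to what the overview says the skill is for. It keeps the function names quoted in the findings (load_snippet, summarize_files) but their bodies, the extension allowlist, the deny list of secret-looking filenames and the size cap are all assumptions. The sample workspace built by demo() is constructed for the example.

```python
"""Hardened file loader for an onboarding-style agent skill (added example).

Mitigation for the findings above: every path requested via --files is
resolved against the workspace root, symlinks and '..' are collapsed before
the containment check, only documentation extensions are served, obviously
sensitive filenames are refused, and the returned snippet is size-capped so
a single call cannot dump a whole file into agent output.
"""
import os
import tempfile
from pathlib import Path

DOC_EXTENSIONS = {".md", ".txt", ".rst"}          # assumed allowlist
DENY_NAMES = {".env", ".npmrc", ".netrc", "id_rsa", "id_ed25519"}  # assumed deny list
MAX_BYTES = 4096                                   # assumed per-snippet cap


class SnippetError(ValueError):
    """Raised when a requested file is outside the skill's intended scope."""


def resolve_in_workspace(workspace: str, requested: str) -> Path:
    """Map a user-supplied --files entry to a file that is inside the workspace."""
    root = Path(workspace).resolve()
    # Path.resolve() follows symlinks and removes '..', so a link that points
    # outside the workspace, or an absolute path like /etc/passwd, ends up
    # outside `root` and fails the containment check below.
    target = (root / requested).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        raise SnippetError(f"{requested!r} escapes the workspace")
    if target.name in DENY_NAMES or target.suffix.lower() not in DOC_EXTENSIONS:
        raise SnippetError(f"{requested!r} is not an approved documentation file")
    if not target.is_file():
        raise SnippetError(f"{requested!r} is not a regular file")
    return target


def load_snippet(workspace: str, requested: str, max_bytes: int = MAX_BYTES) -> str:
    """Return at most max_bytes of an approved documentation file as text."""
    target = resolve_in_workspace(workspace, requested)
    with target.open("rb") as fh:
        data = fh.read(max_bytes)
    return data.decode("utf-8", errors="replace")


def summarize_files(workspace: str, requested: list) -> dict:
    """Return {requested name: snippet or 'refused: ...'}; one bad path does not abort the run."""
    out = {}
    for name in requested:
        try:
            out[name] = load_snippet(workspace, name)
        except SnippetError as exc:
            out[name] = f"refused: {exc}"
    return out


def demo() -> dict:
    """Constructed sample workspace: one real doc plus three things an agent
    must not be able to read through this skill (a .env file, a path outside
    the workspace, and a symlink inside the workspace pointing outside it)."""
    tmp = tempfile.mkdtemp()
    ws = os.path.join(tmp, "workspace")
    os.makedirs(ws)
    with open(os.path.join(ws, "README.md"), "w", encoding="utf-8") as fh:
        fh.write("# Onboarding\nStart with docs/ARCHITECTURE.md\n")
    with open(os.path.join(ws, ".env"), "w", encoding="utf-8") as fh:
        fh.write("API_TOKEN=constructed-example-secret\n")
    with open(os.path.join(tmp, "outside.md"), "w", encoding="utf-8") as fh:
        fh.write("not in the workspace\n")
    try:
        os.symlink(os.path.join(tmp, "outside.md"), os.path.join(ws, "link.md"))
    except (OSError, NotImplementedError):
        pass  # no symlink support: link.md is then simply missing and still refused
    return summarize_files(ws, ["README.md", ".env", "../outside.md", "link.md"])


if __name__ == "__main__":
    for name, snippet in demo().items():
        print(f"{name}: {snippet.strip()}")
```

The containment check is done on the resolved path, not on the string the caller supplied, which is what defeats both `../` traversal and a symlink planted inside the workspace. The deny list is a backstop, not the primary control: the extension allowlist already excludes keys and config files, but naming the common secret files explicitly makes the intent reviewable by whoever approves the skill.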

VirusTotal

66/66 vendors flagged this skill as clean.
