Bid Collection

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a procurement-monitoring assistant, but its published instructions reportedly include unresolved conflicts, unclear persistence, and broad monitoring behavior that should be reviewed before installation.

Review the SKILL.md and quick-start before installing. Do not enable monitor mode unless you understand what sources it will poll, where results and logs are written, how notifications are delivered, and how to stop it. Avoid adding custom sources you do not trust, and prefer a version with resolved merge conflicts and explicit monitoring controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The file contains unresolved merge-conflict markers and duplicated, conflicting content, which makes the skill’s authoritative behavior unclear. In a security-sensitive agent context, ambiguous instructions can cause inconsistent execution, bypass expected review, or mislead users about what the skill actually does.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The documented execution flow claims capabilities such as scheduled task creation and push notifications, but these are not present in the declared allowed tools. This mismatch is dangerous because reviewers and users cannot reliably determine what the skill is expected to do, increasing the chance of hidden persistence assumptions or unsafe future implementation changes.

Natural-Language Policy Violations

Low
Confidence: 95%
Finding
The README contains unresolved merge conflict markers, which indicates broken release hygiene and conflicting documentation shipped to users. While not directly exploitable by itself, this can conceal or confuse operational/security-relevant instructions and is a strong signal that the package may have been published without adequate review.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill describes persistent monitoring, logging, and writing results to local directories without a clear, explicit warning or consent flow for long-running background behavior and data retention. This can surprise users, create unintended local data exposure, and leave unattended processes running beyond the user’s expectations.

Missing User Warnings

Medium
Confidence: 87%
Finding
The guide instructs users to start persistent background monitoring and states that new leads are pushed via notifications, but it does not disclose that this likely triggers ongoing network requests, continuous polling, and handling of externally sourced data. In a skill that monitors procurement sources, lack of notice and controls can lead to unexpected outbound traffic, privacy concerns, and unattended interaction with remote services.

Missing User Warnings

Medium
Confidence: 90%
Finding
The quick-start guide allows users to add arbitrary custom monitoring sources without warning that the skill will contact third-party domains and may ingest untrusted content from them. In this context, that expands the attack surface by enabling requests to attacker-controlled sites, creating risks such as unexpected data exfiltration paths, abusive network access, or processing malicious content.

VirusTotal

64/64 vendors flagged this skill as clean.
