Linguistic Landscape Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a local text-analysis skill that reads CSV files from its own data folder and writes reports to its own reports folder, with some documentation and parameter mismatches but no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable with a local MCP tool reading CSV files from its data folder and creating Markdown reports in its reports folder. Review generated reports before sharing them, avoid placing sensitive unrelated data in the skill's data directory, and note that the documented outputPath and date parameters are not honored in this version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation asserts reports are confined to the skill's reports/ directory, but the exposed tool interface allows a caller-supplied outputPath. If implementation follows that interface without strict path validation, a user or calling agent could write Markdown files to arbitrary filesystem locations, enabling unintended file overwrite or data placement outside the declared safe directory.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill exposes capabilities beyond its stated purpose: it not only performs sentiment and keyword analysis, but also reads local note datasets and writes weekly reports to disk. This mismatch can mislead users and orchestrators into granting or invoking broader file-system-affecting behavior than expected, which is a security-relevant transparency and consent failure.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The generate_weekly_report interface advertises control over startDate, endDate, and outputPath, but the implementation ignores these inputs and always reads from a fixed CSV and writes to a fixed file location. This discrepancy is dangerous because callers may make trust decisions based on the declared interface while the actual behavior performs undisclosed local file writes regardless of provided parameters.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The design explicitly includes automated weekly report generation via cron, with outputs saved to files and potentially sent to users, but it provides no requirement for explicit user consent, path restrictions, overwrite protection, or disclosure of automated side effects. In an agent/MCP context, unattended scheduled writes increase the risk of unexpected file creation, data leakage, or clobbering user data if later implemented as described.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The tool specification allows a user-supplied outputPath for report generation without any warning or stated safeguards around file creation or overwriting. In practice, this can enable destructive or unsafe writes to arbitrary paths, especially in agent environments where tools may be invoked indirectly and users may not realize the operation has persistent filesystem side effects.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The weekly report tool writes a Markdown file to disk, but its description does not clearly warn users that invoking it causes a persistent side effect. Hidden write operations are dangerous in agent settings because users and higher-level systems may assume the tool is read-only analysis, leading to unintended file creation and weakened trust boundaries.

VirusTotal

61/61 vendors flagged this skill as clean.
