Collab Edit

Security checks across malware telemetry and agentic risk

Overview

This skill is for legitimate live collaboration, but its instructions can expose an unauthenticated browser code editor to the public internet.

Install only if you understand that this can publish a live editor from your machine to the internet. Do not tunnel code-server or any workspace editor without strong authentication, limited duration, and a non-sensitive isolated workspace; ignore the no-auth example and treat the encryption claim as unverified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%

Finding: The skill instructs the agent to launch a browser-accessible collaboration service and then expose it publicly, including an example with code-server bound to 0.0.0.0 and no authentication. That goes beyond merely enabling co-editing and creates a remotely reachable interactive environment that could allow unauthorized access, code manipulation, or data exposure if the link is discovered or shared.

Intent-Code Divergence

Severity: Medium
Confidence: 90%

Finding: The documentation claims 'All traffic is encrypted end-to-end,' but the described setup uses a tunnel service and may relay traffic through an intermediary. Misstating the security properties can cause users to expose sensitive content under a false assumption that the tunnel operator or relay infrastructure cannot access plaintext.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding: The skill tells users to share a public collaboration link for an internet-exposed editor but does not prominently warn that anyone with the URL may gain access if the underlying tool lacks authentication. In this context, the exposed service may permit reading or modifying documents, code, or session state, making accidental disclosure or unauthorized participation likely.

Missing User Warnings

Severity: High
Confidence: 99%

Finding: The example explicitly launches code-server with '--auth none' and binds it for remote access, then later exposes it through a public tunnel. This creates an unauthenticated web IDE reachable from the internet, which can enable arbitrary file access, code execution through terminal features or extensions, credential theft, and full compromise of the host environment.

VirusTotal

64/64 vendors flagged this skill as clean.