color-filer

Security checks across malware telemetry and agentic risk

Overview

This skill is a file organizer with expected local file-changing behavior, but its optional config loading can execute arbitrary Python code without clearly warning users.

Review before installing. Use only the bundled scripts and configs you have inspected, run dry-run first, keep backups enabled, avoid --yes and --no-backup for real runs, and do not use --config with any untrusted or path-like value. The main concern is local Python code execution through config loading, not hidden network or credential behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

exec() call detected

High
Category
Dangerous Code Execution
Content
config_file = os.path.join(os.path.dirname(__file__), f'{args.config}_config.py')
if os.path.exists(config_file):
    print(f'📋 加载配置: {args.config}_config.py\n')
    exec(open(config_file, encoding='utf-8').read(), globals())
else:
    print(f'⚠️  配置文件不存在: {config_file}')
    print('⚠️  跳过目录重命名和文件归档步骤\n')
Confidence
99% confidence
Finding
exec(open(config_file, encoding='utf-8').read(), globals())

Direct flow: open (file read) → exec (code execution)

High
Category
Data Flow
Content
config_file = os.path.join(os.path.dirname(__file__), f'{args.config}_config.py')
if os.path.exists(config_file):
    print(f'📋 加载配置: {args.config}_config.py\n')
    exec(open(config_file, encoding='utf-8').read(), globals())
else:
    print(f'⚠️  配置文件不存在: {config_file}')
    print('⚠️  跳过目录重命名和文件归档步骤\n')
Confidence
99% confidence
Finding
exec(open(config_file, encoding='utf-8').read(), globals())

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Allowing a user-selected config file to contain and execute arbitrary Python exceeds the stated purpose of file coloring and organization and creates a broad code-execution surface. The skill context increases danger because users are likely to trust a utility script and run it locally with access to personal workspaces, enabling theft, destruction, or persistence if the config is malicious.

VirusTotal

VirusTotal findings are pending for this skill version.
