LYGO-MINT Operator Suite (v2)

Security checks across malware telemetry and agentic risk

Overview

This is a local pack hashing and verification skill with disclosed file reads and ledger writes, but users should avoid including secrets or sharing generated records with absolute paths.

Install this if you want local provenance tooling for prompt or workflow packs. Use a clean, narrow pack folder; do not point mint or bundle commands at broad directories or folders containing secrets; review manifests, ledgers, and bundles before sharing because they may include filenames, hashes, sizes, and some absolute local paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill advertises and relies on shell execution plus file read/write operations, but it does not declare any permissions or constraints for those capabilities. That mismatch can cause the agent or operator to run a skill with broader filesystem and command execution access than is visible from the metadata, increasing the risk of unintended file modification, data exposure, or misuse if the referenced scripts are malicious or later changed.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The script stores `input` as `str(input_path)` and `manifestFile` as an absolute path inside persistent ledger records and emitted output, which can disclose local filesystem structure, usernames, mount points, or sensitive workspace locations. In a receipts-first anchoring tool that produces artifacts intended for sharing or third-party verification, this increases the chance that environment-specific metadata is unintentionally propagated beyond the local machine.

VirusTotal

64/64 vendors flagged this skill as clean.
