SSL Certificate Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a normal-looking SSL certificate checker, but it can misleadingly label certificates as valid without actually verifying trust chains or hostnames.

Treat this skill as an expiration and certificate-metadata checker, not proof that a certificate is trusted, correctly issued, hostname-matched, or compliant. Only run it against domains you are authorized to check, and use a separate TLS validation tool for security decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill advertises file-based batch input (`batch domains.txt`) and describes reading domain lists from text files, yet no corresponding permission is declared. This creates a transparency and least-privilege issue: users and policy engines cannot accurately assess that local file contents may be accessed when the skill runs.

Intent-Code Divergence

High
Confidence: 99%
Finding: The code explicitly disables hostname and certificate verification by setting `check_hostname = False` and `verify_mode = ssl.CERT_NONE`, yet later presents results as validation. This allows any presented certificate, including self-signed or attacker-controlled certificates from a man-in-the-middle, to be treated as retrievable and potentially 'valid,' creating a false sense of trust.

Intent-Code Divergence

Medium
Confidence: 96%
Finding: The validate command prints reassuring statements such as 'currently valid' and 'Basic validation' even though it performs no actual trust-chain validation and only checks date-related status from an unverified certificate. Operators may incorrectly conclude a certificate is trusted and safe, which can lead to acceptance of spoofed or improperly issued certificates.

Missing User Warnings

Low
Confidence: 93%
Finding: The skill repeatedly instructs users to connect to arbitrary domains and internal servers, but it does not warn that execution will make outbound network connections and may disclose queried hostnames through DNS lookups, TLS handshakes, proxies, or network logs. In environments with sensitive internal naming, this can leak infrastructure details or violate policy even if the tool's purpose is legitimate.

VirusTotal

63/63 vendors flagged this skill as clean.
