File Inbox

Security checks across malware telemetry and agentic risk

Overview

This is a local file-inbox skill that stores and indexes exchanged files as advertised, with privacy and retention caveats but no evidence of hidden network, credential, or destructive behavior.

Install only if you want a persistent local archive of exchanged files. Avoid registering sensitive or regulated files unless you are comfortable storing copies and metadata under inbox/. Use --copy when you do not want the original moved, and periodically review or delete archived entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill clearly instructs the agent to read, move, copy, and index files in the workspace, but no explicit permissions are declared. This creates a capability/permission mismatch that can lead to unintended file access or writing if the surrounding platform relies on declared permissions for policy enforcement or review.

Vague Triggers

Medium
Confidence: 83%
Finding
The invocation guidance is broad enough that the skill may activate for many ordinary file-related requests, including ones that do not require persistent storage or indexing. Over-broad triggering increases the chance of unnecessary file retention, unintended file operations, or the skill being selected in contexts where a narrower tool would be safer.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to store and index user files, including metadata like sender names, notes, tags, and dates, but provides no explicit privacy, retention, or sensitive-data handling guidance. This can result in silent persistence of personal or confidential materials and creates additional exposure through searchable indexes.

VirusTotal

67/67 vendors flagged this skill as clean.
