Frontend Backend Flow Test

Security checks across malware telemetry and agentic risk

Overview

The static audit tool is coherent, but its optional live helper can use credentials and may delete API data even when generated as read-only.

Install mainly for the static audit workflow. Do not run generated live helpers against production; use disposable dev/staging credentials, inspect generated files before execution, and do not rely on --read-only as a strict safety boundary until the delete path and credential embedding are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill advertises and invokes shell-based tooling, reads arbitrary frontend/backend source trees, writes audit outputs, and references limited live verification, yet it declares no permissions. That mismatch is dangerous because operators or orchestration layers may treat it as low-risk while it can access files, environment data, and potentially networked targets during helper generation or follow-up checks.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill is presented as an audit-first static analyzer, but the behavior described by the finding includes generating and encouraging execution of live, write-capable API scripts with auth handling. That description-behavior gap is dangerous because users may invoke the skill expecting passive analysis while it can facilitate authenticated POST/PUT/PATCH/DELETE actions against real environments, causing unintended state changes or misuse of credentials.

VirusTotal

65/65 vendors flagged this skill as clean.
