ClawHub

Windows Notifier

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Windows notification helper whose risky-looking command use is disclosed and aligned with showing desktop popups.

Install only if you are comfortable with a reminder skill that can run local Node/PowerShell commands and may fetch npm dependencies on first use. Avoid using it for sensitive notification text if local popup visibility is a concern.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script automatically runs `npm install` at runtime if `node-notifier` is missing. That expands the skill's behavior from local notification display into network access and package execution, and it executes dependency lifecycle scripts in the skill directory, which can run arbitrary code if the package set or lockfile is tampered with. In a notification skill, this is unnecessary and increases supply-chain and unexpected-execution risk.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script invokes PowerShell with `-ExecutionPolicy Bypass` and later uses encoded commands to launch a custom WPF dialog. Even though the current inputs are single-quote escaped and the script appears intended for UI display, bypassing execution policy lowers a defense boundary and normalizes a high-risk execution pattern that could be abused if the script content or invocation path is modified. In this skill context, using a local notifier does not justify policy bypass.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal