ClawHub

Node Transfer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine node-to-node file transfer skill, but it needs Review because it exposes local files over plaintext network transfer and has a risky install-check behavior.

Install only if you need cross-node file transfer and trust the publisher/source. Use it on trusted or VPN-protected networks, avoid sensitive files unless the transport is protected, confirm exact nodes and paths before each transfer, review generated PowerShell before running it, avoid untrusted custom install directories, and remove the helper scripts when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
This is a true vulnerability because the verification path loads and executes `targetDir/version.js` via `require(versionPath)` while the script claims to perform only an installation check. If an attacker can place or modify files in the inspected directory, running this checker will execute arbitrary JavaScript with the privileges of the user or agent invoking it, turning a read-only integrity check into code execution.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The report explicitly instructs operators to run PowerShell with `-ExecutionPolicy Bypass` and to execute a script body remotely via `nodes.invoke`, which normalizes bypassing local script execution safeguards without any warning, validation, or trust boundary discussion. In this context, the file is operational guidance for deploying code to remote nodes, so unsafe instructions are likely to be copied directly into production workflows and could enable execution of tampered or unintended scripts.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation describes writing transferred data directly to an arbitrary output path but does not clearly warn users that the operation creates or modifies files on the destination system and could overwrite important local data if misused. In an agent-driven environment where file paths may be supplied programmatically, missing this warning increases the chance of accidental destructive writes or unsafe path selection.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The server binds to 0.0.0.0 and advertises a reachable LAN IP, making the selected file available to any host that can reach the machine if they obtain the token. Although the random token reduces unauthorized access risk, the script provides no explicit user confirmation or safety warning before exposing a local file over plaintext HTTP on all interfaces, so accidental data exposure is a realistic risk in an agent/automation context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal