Senior Qa

Security checks across malware telemetry and agentic risk

Overview

This is a simple local QA helper with overstated capabilities and an output-file caution, but no hidden network, credential, persistence, or destructive behavior.

Install only if you are comfortable with a lightweight, mostly placeholder QA helper. Run it from a version-controlled project, review script output before relying on it, and be careful with --output because it can overwrite the file you name. Do not treat it as real coverage analysis or automated test generation without further implementation review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding
The skill advertises and invokes scripts that can scaffold tests and apply automated fixes, which implies file-writing capability, but the skill does not declare permissions or warn users about filesystem modification. In an agent setting, undeclared write access weakens user consent and can lead to unexpected project changes or artifact creation in arbitrary locations.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 76%
Finding
The documented behavior is framed as QA/testing assistance, but the associated tooling reportedly supports arbitrary output-file writing and generic path processing that are broader than the stated purpose. That mismatch can mislead users and orchestration systems into granting trust or invoking the skill in contexts where it can perform side effects unrelated to QA, increasing the chance of abuse or unintended data modification.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
This script claims to be a coverage analyzer, but it only validates that a path exists and then returns a hardcoded success result with no actual coverage inspection. In a QA/security workflow, this can create false assurance that testing or coverage checks were performed, allowing untested or vulnerable code to pass gates unnoticed.

Vague Triggers

Medium
Confidence: 80%
Finding
The invocation description is very broad ('use when designing test strategies, writing test cases, implementing test automation, performing manual testing, or analyzing test coverage'), making it likely to trigger for a wide range of ordinary QA-related prompts. Overbroad routing increases exposure to any unsafe side effects in the skill, including unanticipated script execution or file modification in situations where the user only wanted advice.

Missing User Warnings

Medium
Confidence: 88%
Finding
The markdown promises automated scaffolding and automated fixes but does not clearly warn that project files or generated artifacts may be created or changed. In practice, this can cause silent modifications to source trees, CI configs, or test assets, which is risky in an autonomous agent workflow because users may interpret the skill as advisory rather than mutating.

VirusTotal

67/67 vendors flagged this skill as clean.
