ClawHub

Send Md As

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it needs review because its renderer can silently weaken Chromium sandboxing while processing user-provided Markdown content.

Install only if you trust the publisher and are comfortable running local renderers and downloaded dependencies. Use an isolated environment for untrusted Markdown, review setup.sh before running it, and confirm recipients before using the optional message-send command. Static scan was clean and VirusTotal was pending, so the Review verdict is based on the artifact-backed Chromium fallback and under-disclosed local execution scope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill declares only a binary requirement but its documented install and usage flow clearly invoke shell scripts (`setup.sh`, `render.sh`) and produce output files, meaning it exercises shell execution and file-write capabilities without explicitly declaring them. This creates a trust and review gap: operators may approve or install the skill without understanding that arbitrary script execution and filesystem modification are part of normal operation.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The renderer retries Chromium with `--no-sandbox` and `--disable-setuid-sandbox` if normal launch fails. This weakens browser isolation while rendering attacker-controlled Markdown-derived HTML, Mermaid output, and KaTeX output, so any browser or renderer compromise would run with the invoking user's privileges instead of being sandbox-contained.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal