Module Analyzer Generate Doc

Security checks across malware telemetry and agentic risk

Overview

This is mostly a Java documentation skill, but it needs Review because it scans and writes project files while giving inconsistent guidance about shell fallbacks and security-restricted file access.

Install only if you are comfortable with the agent reading the specified Java module and creating source-derived docs, logs, and checkpoint files under .ai-doc. Run it on a controlled branch, review generated files before committing or sharing, require confirmation before migrations, overwrites, or cleanup, and do not run the package.json PowerShell generate script unless the missing helper script is supplied and reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

Severity: Low. Confidence: 87%.
Finding
The skill is presented as a documentation generator, but it also instructs the agent to migrate, update, and preserve artifacts on disk, including existing docs and resume state files. That scope expansion increases the chance of unintended filesystem modification outside the user's immediate expectation, especially when path handling is derived from project/module inputs.

Intent-Code Divergence

Severity: Medium. Confidence: 95%.
Finding
The section says it will only report low-quality documents and never auto-delete, but it also embeds a deletion workflow example using interactive confirmation. In practice, this normalizes destructive file handling within the skill and could lead an agent implementation to perform deletions or destructive cleanup when users did not intend a reporting-only operation.

Intent-Code Divergence

Severity: Medium. Confidence: 92%.
Finding
The report makes a reassuring security claim that there is no system command execution beyond file operations, yet elsewhere explicitly references Bash/PowerShell fallback behavior. This inconsistency is dangerous because it can mislead users and reviewers about the actual execution model, causing them to underestimate shell-execution risk, command-injection exposure, or policy/compliance concerns in enterprise environments.

Intent-Code Divergence

Severity: Low. Confidence: 85%.
Finding
The report claims there are no external network calls, but later advises maintaining a stable network connection for subagent orchestration. Even if the network usage is only for platform-level agent coordination, the contradiction is security-relevant because it obscures data-flow boundaries and may cause users to approve the skill under false assumptions about offline behavior or data exposure.

Missing User Warnings

Severity: Medium. Confidence: 93%.
Finding
The README states that the skill will create a hidden output directory plus state and log files under the project root, but it does not warn users that the working tree will be modified during analysis. In agent environments, silent writes into a repository can pollute working copies, interfere with builds or CI, and create privacy or integrity issues if logs or state files capture sensitive code metadata.

Vague Triggers

Severity: Medium. Confidence: 78%.
Finding
The activation phrases are broad and conversational, so the skill may trigger on ordinary requests about understanding or analyzing a module. Because this skill performs extensive scanning, spawns subagents, and writes documentation/state files, accidental activation can cause unintended filesystem reads, processing, and artifact creation.

Missing User Warnings

Severity: Low. Confidence: 82%.
Finding
Documenting a 'bash alternative' for file access errors without disclosing shell-execution implications normalizes potentially risky behavior in a file-processing skill. In this context, the skill operates on user-supplied module paths and source trees, so any shell fallback increases the attack surface for unsafe argument handling, path injection, or unexpected command execution if not tightly constrained.
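The two recurring concerns above (a shell fallback fed user-supplied module paths, and artifact writes that should stay under .ai-doc) are the kind of thing a skill author can constrain in a few lines. The following is an added example written for this review; it is not code from the skill, from SkillSpector, or from the page. It assumes a project root and module names that are constructed for illustration, uses `find` as a stand-in for whatever the skill's undocumented Bash fallback actually runs, and takes only the `.ai-doc` directory name from the page. It shows the unsafe shell-string pattern beside a hardened version that validates the path, confines writes to `.ai-doc`, and invokes the command as an argv list with no shell.

```python
"""Path guards for an agent skill that reads a user-supplied module and
writes artifacts under .ai-doc (added example, not the skill's own code)."""
import os
import subprocess
import tempfile
from pathlib import Path
from typing import List

OUTPUT_DIR = ".ai-doc"        # artifact directory named on the page
FORBIDDEN = set(";|&$`<>\n")  # shell metacharacters that never belong in a module path


def resolve_module_path(project_root: str, module: str) -> Path:
    """Return the absolute path of `module`, or raise if it escapes the project root
    or carries characters that would change meaning inside a shell string."""
    if any(ch in FORBIDDEN for ch in module):
        raise ValueError("shell metacharacter in module path: %r" % module)
    root = Path(project_root).resolve()
    target = (root / module).resolve()      # collapses ../ and symlinks
    if target != root and root not in target.parents:
        raise ValueError("module path escapes project root: %r" % module)
    return target


def output_path(project_root: str, relative: str) -> Path:
    """Return a write target confined to <root>/.ai-doc; raise for anything else,
    so docs/logs/checkpoints can never land in the source tree."""
    out_dir = (Path(project_root).resolve() / OUTPUT_DIR).resolve()
    target = (out_dir / relative).resolve()
    if target != out_dir and out_dir not in target.parents:
        raise ValueError("output path escapes %s: %r" % (OUTPUT_DIR, relative))
    return target


def unsafe_fallback_command(module: str) -> str:
    """The pattern the findings warn about: a shell string built from user input.
    Passed to `sh -c`, 'src/main; rm -rf ~' runs two commands, not one."""
    return "find %s -name '*.java'" % module


def safe_fallback_argv(project_root: str, module: str) -> List[str]:
    """Hardened fallback: validated path, argv list, no shell interpretation."""
    target = resolve_module_path(project_root, module)
    return ["find", str(target), "-name", "*.java"]


def run_fallback(project_root: str, module: str) -> List[str]:
    """Run the hardened fallback (hypothetical stand-in for the skill's Bash path)
    and return the Java files it found."""
    proc = subprocess.run(safe_fallback_argv(project_root, module),
                          capture_output=True, text=True, check=True)
    return sorted(line for line in proc.stdout.splitlines() if line)


if __name__ == "__main__":
    # Constructed sample project: one module with one Java file.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "src", "main", "java"))
    Path(root, "src", "main", "java", "App.java").write_text("class App {}\n")

    print("unsafe:", unsafe_fallback_command("src/main; rm -rf ~"))
    print("safe:  ", safe_fallback_argv(root, "src/main"))
    print("found: ", run_fallback(root, "src/main"))
    print("doc ->", output_path(root, "docs/src-main.md"))
    for bad in ("../../etc/passwd", "src/main; rm -rf ~", "$(id)"):
        try:
            resolve_module_path(root, bad)
        except ValueError as exc:
            print("rejected:", exc)
```

The containment test compares resolved paths rather than string prefixes, so `proj-other/` next to `proj/` is not mistaken for a child, and symlinks inside the module that point outside the repository are caught after resolution. The metacharacter check is belt-and-braces: with an argv list there is no shell to interpret them, but rejecting them also protects any downstream log line or generated script that later embeds the path.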

VirusTotal

60/60 vendors reported this skill as clean.
