PoliBERT Sentiment Analysis

Security checks across malware telemetry and agentic risk

Overview

The skill is mainly a disclosed political sentiment tool, with some transparency and accuracy caveats but no evidence of hidden execution, credential theft, persistence, or destructive behavior.

Install only if you are comfortable with a political-analysis tool that can download a HuggingFace model, analyze local text you point it at, and optionally send Reddit search terms to Reddit. Avoid using sensitive private political text or confidential research terms with the Reddit option, and do not rely on the bundled Polymarket helper as fresh market data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
78% confidence
Finding
The skill advertises local file and stdin batch processing, which implies file-read capability, but the metadata declares no permissions or safety boundaries. This is dangerous because users and orchestrators cannot accurately assess what data the skill may access, and permissionless file access in an agent setting can expose sensitive local content if invoked on unintended paths.

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The documented behavior is inconsistent: the skill is presented as a sentiment-analysis tool, but it also ships Polymarket-style market analysis backed by a hardcoded market snapshot, which is unrelated to the stated purpose. Hidden or mismatched behavior is dangerous because it breaks user trust, can cause unintended external data handling or decision-making, and may smuggle in functionality that bypasses review under a benign description.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file’s behavior materially diverges from the declared skill purpose: instead of political sentiment analysis, it performs Polymarket election-market data analysis using hardcoded candidate/probability data. In an agent ecosystem, this kind of capability mismatch is dangerous because policy, user trust, and downstream automation may rely on the manifest to understand what data is being processed and what actions are being taken; a mislabeled skill can bypass review expectations and produce politically sensitive outputs under false pretenses.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The docstring and interface claim live web scraping of Polymarket event pages, but the implementation mostly returns a static snapshot and instructs users to visit a URL manually for unsupported events. This discrepancy can mislead users or higher-level agents into treating stale, manually curated political market data as fresh scraped data, which creates integrity and trust risks in politically sensitive analysis workflows.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The Reddit integration does not clearly warn that user-supplied queries and subreddit selections are transmitted to Reddit, an external service. This creates a privacy and data-handling risk because sensitive research topics, political interests, or internal investigation terms may be disclosed to a third party without adequate notice.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
When the --reddit option is used, the tool sends the user-supplied candidate/query to Reddit and retrieves third-party content without a clear consent or privacy warning beyond a generic fetch message. This can unintentionally disclose sensitive political interests or investigation targets and may surprise users who believe analysis is local-only, especially given the skill’s real-time Reddit integration.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The script hard-codes a user-specific absolute path and activates a virtual environment from that location without any warning or validation. This can expose local username/path information, reduce portability, and cause the script to operate on an unintended local workspace if copied or run in a different environment.

VirusTotal

67/67 vendors flagged this skill as clean.
