ClawHub

one line HTTP static server

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent static-file-server reference, but it too often recommends exposing the current directory on the network without clear safety warnings or confirmation steps.

Install only if you are comfortable reviewing each command before use. Serve a dedicated non-sensitive directory, prefer localhost or 127.0.0.1 by default, avoid 0.0.0.0 unless you intentionally want LAN access, and do not enable uploads, directory browsing, CORS, or Docker port publishing casually.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (22)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The inline Java example directly maps the HTTP request path to a filesystem path using `Path.of("." + exchange.getRequestURI().getPath())` and reads it without validation, normalization, existence checks, or confinement to an intended document root. This allows path traversal and arbitrary file reads relative to the process's working directory, which is more dangerous because the surrounding documentation presents it as a simple static server example that users may copy into real environments.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill’s invocation criteria include broad phrases like helping users start a local web server, preview a site, or share files over LAN, without strong safety boundaries. In an agent setting, this can cause the skill to trigger in contexts where the user did not explicitly intend to expose local files, increasing the chance of accidental data disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill recommends LAN-sharing and includes commands elsewhere that bind to 0.0.0.0, but it does not prominently warn that this exposes files to other devices on the network. Users may unintentionally publish sensitive project files, secrets, or personal data beyond localhost.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The options table advertises directory listing, upload, and authentication-related features without warning that directory indexes expose file names and upload endpoints can modify server contents. In an ad-hoc static serving context, these features materially increase confidentiality and integrity risk if enabled casually.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation shows how to start a BusyBox static HTTP server and explicitly notes that directory listing is enabled, but it does not warn that serving a directory can expose all files under that path to anyone who can reach the port. In a reference skill, users may copy-paste these commands on trusted or semi-trusted networks, unintentionally disclosing local files or enabling broader access than intended.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation explicitly suggests `{bind_address, {0,0,0,0}}`, which exposes the HTTP server on all network interfaces, but it does not warn that this makes the server reachable from other hosts. In a reference snippet for quickly serving files, this can lead users to unintentionally publish local content on untrusted networks or broader environments.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document explicitly recommends running an HTTP file server on ':8000', which in Go binds to all interfaces by default, and serves the current directory with directory listing enabled. Without a warning to restrict binding or avoid sensitive working directories, users may unintentionally expose local files to other machines on the same network.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example explicitly binds lighttpd to 0.0.0.0 while serving the current working directory, which exposes local files to any host that can reach the machine. In a reference snippet with no warning about network exposure, users may copy-paste it and unintentionally publish sensitive files on their LAN or beyond.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Enabling dir-listing.activate allows clients to enumerate filenames and browse available content, which can disclose sensitive file names, internal structure, or files that were not meant to be easily discoverable. Because the snippet is presented as a simple usage example without a caution, it increases the risk of accidental information exposure.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The document recommends static server options that include directory listing and CORS without warning about the security consequences. In practice, users may expose sensitive local project files, secrets, or internal assets over HTTP, and enabling CORS can make that exposed content easier to read from other origins in a browser context.

Missing User Warnings

High
Confidence
98% confidence
Finding
The inline Node.js example concatenates user-controlled request paths directly into a filesystem path and streams the result without validation or normalization. This creates a path traversal risk, allowing requests such as '../' sequences to access arbitrary local files outside the intended directory, while also lacking basic safety controls like error handling and content-type restrictions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The examples start static HTTP servers rooted at the current directory and explicitly note directory listing support, but provide no warning that running them may expose local files to anyone who can reach the server. In a reference skill, omission of this context can lead users to unintentionally publish sensitive source code, credentials, or personal files from their working directory.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The Mojolicious example binds to all interfaces using http://*:8000, which can make the server reachable from other machines on the network, yet the documentation does not warn about this exposure. Combined with serving the current working directory, this increases the risk of unintended remote access to local files or development assets.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The example explicitly binds PHP's built-in server to 0.0.0.0, which exposes it on all network interfaces and can make a development server reachable by other hosts. Although this is common documentation, the nearby text does not immediately warn about network exposure at that example, so users may unintentionally expose local code or sensitive files on untrusted networks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Docker example publishes port 8000 and runs the PHP server bound to 0.0.0.0, making the service externally reachable depending on the host network configuration. In documentation, this can lead users to expose a development-only PHP server and mounted working directory more broadly than intended.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The examples show how to expose files over HTTP, including one variant bound to 0.0.0.0 and another with directory browsing enabled, but they do not warn that this can make local files reachable by other systems on the network. In documentation, this omission can lead users to unintentionally publish sensitive files or entire working directories.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The examples show how to start an HTTP server and serve directories, but they do not clearly warn that files in the served path may become accessible over the network and that directory listings are enabled by default. In a reference skill, users may copy-paste these commands directly, which can unintentionally expose sensitive files, especially if they bind to non-local interfaces or serve the wrong directory.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Twisted examples serve the current directory (`.`) and mention directory listing without a safety warning, which increases the chance a user will expose source code, secrets, or other local files. Because these are presented as convenient one-liners, the omission of network-exposure cautions makes accidental disclosure more likely.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation tells users to serve the current working directory over HTTP using a one-liner, but it does not warn that whatever directory they run it from will become browsable and downloadable. In a reference file for quick server commands, this can easily lead to accidental exposure of source code, secrets, build artifacts, or personal files if the command is run from the wrong directory.

Missing User Warnings

High
Confidence
98% confidence
Finding
The example explicitly binds the server to 0.0.0.0, making it reachable from other hosts on the network, but provides no warning about the increased attack surface. In this context, combining all-interface binding with serving Dir.pwd can expose local files to anyone with network access, which is especially risky for ad hoc developer usage.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document provides commands that expose a static file server on all interfaces and mentions upload capability and authentication without warning about the security implications of internet or LAN exposure. In a reference guide, readers may copy-paste these commands directly, which can unintentionally expose sensitive files, enable unauthorized access attempts, or allow file uploads if misconfigured.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explicitly shows binding the HTTP server to 0.0.0.0, which exposes it on all network interfaces, but it does not warn that this makes the service reachable from other hosts. In a reference file for a static server with directory listing and possible CGI support, this can lead users to unintentionally expose local files or a test server to untrusted networks.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal