AI持续学习系统

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public GitHub and arXiv items, summarizes them, and saves local notes as advertised, with setup and disclosure gaps users should review before scheduling it.

Install this only if you want an agent to periodically collect public research/trending information and keep local notes. Before scheduling it, confirm the Python dependencies and mmx CLI are trusted, understand where notes are stored, and review the generated files before using them as long-term memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill advertises autonomous learning, file persistence, shell execution, and network fetching, yet the manifest shown in SKILL.md does not declare any permissions. Undeclared privileged capabilities are dangerous because users and hosting platforms cannot make an informed trust decision, and a skill with network, shell, and file write access can fetch remote content and persist or execute follow-on actions without explicit authorization boundaries.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 89%
Finding
The documented behavior materially overstates or misrepresents what the skill actually does, including claims of hourly autonomous learning, overnight distillation, and long-term memory. Description/behavior mismatches are security-relevant because users may grant trust or install the skill under false assumptions, while hidden behaviors such as task-queue inspection, external CLI invocation, and local persistence can expand the real attack surface beyond what the description suggests.

Missing User Warnings

Medium
Confidence: 95%
Finding
The usage and architecture text presents automatic fetching and persistence as normal operation but does not clearly warn users that the skill performs network access and writes persistent local files. This omission is risky because autonomous network retrieval plus local storage can collect untrusted content, consume resources, and create privacy or integrity issues without informed consent.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill automatically fetches external content and forwards derived content to a third-party LLM tool without any user-facing consent, disclosure, or policy gate. In an agent environment, silent background network activity and data transmission can violate privacy expectations and organizational controls, especially because it runs opportunistically when the queue is idle.

VirusTotal

63/63 vendors reported this skill as clean (no detections).

View on VirusTotal