Skill Routing Hub

Security checks across malware telemetry and agentic risk

Overview

This skill is a local skill router that logs routing history. Its claimed learning behavior is overstated, but there is no evidence of malware or external data sharing.

Install only if you are comfortable with task snippets being saved in a local routing_log.jsonl file. Avoid putting secrets, credentials, or sensitive business or personal details into tasks routed through it, and review selected downstream skills before letting them perform high-impact actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The skill claims adaptive learning and automatic downranking of failed skills, but the described implementation does not actually update outcomes in a way the learning logic can consume. This creates a trust gap: operators may rely on the router to avoid previously bad or risky skills, while in practice it may keep selecting them, degrading safety controls and potentially re-triggering harmful or unsuitable downstream skills.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The router persists part of the user's task text to disk (`query[:100]`) in `routing_log.jsonl` without any consent, minimization beyond truncation, retention control, or access restriction. User prompts often contain secrets, personal data, internal project details, or credentials, so local prompt logging creates a privacy and data-exposure risk if the workspace is shared, backed up, or later accessed by other skills or users.

VirusTotal

65/65 vendors flagged this skill as clean.