Context Visualization

Security checks across malware telemetry and agentic risk

Overview

This skill transparently runs a local helper to estimate context usage and memory size, without network transfer, persistence, or destructive behavior.

Install only if you are comfortable with a local script reading the chosen workspace's standard context files and memory/ directory to produce size and category summaries. Avoid pointing it at unrelated or highly sensitive directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 85%
Finding: The skill instructs the agent to read workspace files via a bundled script, but it does not declare the corresponding file-read permission. Undeclared file access weakens permission transparency and can cause the skill to be invoked in contexts where users or policy expect a non-file-touching visualization-only capability.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The skill claims to visualize current context usage, but it also inventories all files under memory/ and presents them as 'Memory on Disk,' which expands behavior beyond the declared purpose. This mismatch is dangerous because users may invoke the skill for harmless context introspection while it performs broader workspace enumeration, potentially exposing sensitive file names, sizes, and inferred content volume unrelated to the immediate request.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding: The script goes beyond estimating currently loaded context files and recursively inventories the entire memory/ directory, including categorization and aggregate sizes/tokens. In a skill whose stated purpose is context-window visualization, this expands visibility into potentially sensitive workspace contents that are explicitly noted as not in context, creating unnecessary information disclosure and scope creep.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding: The output structure does not match the skill's promised purpose of showing context-window breakdowns such as system prompt, tools, messages, and free space; instead it adds unrelated memory inventory data. This mismatch can mislead users into believing they are seeing a faithful context breakdown while also exposing extra workspace metadata, increasing the risk of unintended disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.
