Text Compressor

Security checks across malware telemetry and agentic risk

Overview

This looks like a real text-compression skill, but it also ships unrelated packaging scripts that are not disclosed and should be reviewed before installation.

Install only if you are comfortable with a text-compression skill that also includes undisclosed packaging helpers. Prefer a version that removes pack.py/package_manual.py or clearly documents them as build-only files, and run only scripts/compress.py on files you choose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86%
Finding
The skill advertises command execution that reads an input file and writes an output file, but it declares no permissions. Hidden or undeclared file access weakens trust boundaries because an orchestrator or reviewer may approve the skill without understanding that it can access and modify local data. In a skill ecosystem, that can lead to unintended file exposure or overwriting if invoked automatically.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91%
Finding
A mismatch between the stated purpose and the actual behavior is security-relevant because it can conceal capabilities unrelated to text compression, such as packaging the skill directory, parsing metadata, and writing artifacts elsewhere. Users and automated systems may invoke the skill expecting harmless text processing while it performs broader filesystem operations, increasing the risk of unauthorized data collection, repackaging, or persistence-related side effects.

Description-Behavior Mismatch

High
Confidence
93%
Finding
The script packages every file under the skill directory into a distributable archive, which is behavior materially different from the declared text-compression purpose. That mismatch is dangerous because it can hide repackaging, redistribution, or exfiltration of unintended files behind an innocuous skill description, reducing reviewer and user scrutiny.

Context-Inappropriate Capability

Medium
Confidence
90%
Finding
The file is effectively a skill packager, not a text compressor, so it introduces undeclared capability to enumerate a directory and create an archive artifact. In the context of an agent skill ecosystem, undeclared packaging functionality is risky because it can bundle sensitive files or create misleading artifacts under a trusted skill identity.

VirusTotal

59/59 vendors flagged this skill as clean.