Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is for background code-changing jobs, but the package omits the main runtime scripts and includes under-scoped local setup guidance.

Install only if you can obtain and review the missing dispatcher, worker, and Telegram helper from a trusted source. Replace the example Telegram approver ID and default workdir with your own values, use explicit --workdir paths for write jobs, keep bot tokens limited, and review saved logs and patches before trusting background changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding: The skill clearly instructs users to run local shell scripts that can modify files, but the skill metadata shown here does not declare corresponding permissions. This creates a transparency and policy gap: users or hosting frameworks may not realize the skill executes shell-backed operations with write effects, increasing the chance of unintended code execution and file changes.

Missing User Warnings

Medium
Confidence: 92%
Finding: This skill is designed for asynchronous repository modification and persistent artifact storage, but the description does not present that as an explicit user-facing warning. Users may invoke it expecting a simple background task without appreciating that it can alter files later and retain logs, summaries, and patches under $HOME, which can expose sensitive code or data.

Missing User Warnings

Medium
Confidence: 94%
Finding: The documentation advertises Telegram notifications but does not clearly warn that completion summaries may be transmitted to an external third-party service. If summaries include repository details, code snippets, paths, or other sensitive context, this can lead to unintended data disclosure outside the local environment.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding: The documentation recommends that write requests default to a specific absolute working directory without requiring per-request user confirmation. In a local async skill that can perform write actions, a forced default path increases the chance of unintended modifications to the wrong repository or sensitive local files when users omit --workdir or misunderstand the active target.

VirusTotal

65/65 vendors flagged this skill as clean.
