Security audit

Find trending skills

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed ClawHub trend-monitoring CLI that fetches public skill stats, stores local state, and only uses optional scheduling when the user sets it up.

Install only if you want a Node-based ClawHub trend monitor. Review the optional cron setup before enabling it, and avoid putting sensitive details in the optional local profile because it is stored on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares no permissions while its documentation clearly indicates use of environment variables and network access to fetch ClawHub data. This creates a transparency and consent problem: hosts and users cannot accurately evaluate or sandbox the skill's capabilities, increasing the risk of unexpected outbound requests or use of sensitive environment configuration.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The documentation describes persistent state storage and scheduled log output under the user's home directory, but it does not prominently warn that local files and ongoing logs will be created. This is mainly a user-safety and privacy issue: unsuspecting users may accumulate retained usage data or logs without realizing the skill persists information across runs.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
fetch_trending.js:21