File Transfer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent file-transfer library with simulated Telegram behavior, but it needs clearer privacy guidance, and one file-chunking bug should be fixed before production use.

Install only if you are comfortable giving the agent explicit file paths and chat destinations. Treat this version as a simulated transfer implementation, add your own confirmation step before any real file sharing, avoid sensitive files unless the destination is verified, redact logs, and do not rely on readFileInChunks until it reads actual file bytes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

High
Confidence: 98%
Finding
The method is documented and named as if it reads real file contents, but it fabricates chunk buffers with synthetic data instead of reading from disk. In any workflow that relies on this function for upload, scanning, hashing, backup, or transfer, the system will process false content while reporting success, causing integrity failures and potentially bypassing security controls that assume the actual file was handled.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README promotes context-aware file transfer features that analyze chat context and transmit files, but it does not disclose the privacy and security implications of handling user files, captions, chat IDs, and inferred metadata. In an agent skill ecosystem, missing warnings and consent guidance can lead operators to deploy the skill without understanding that sensitive content and conversation metadata may be processed or shared, increasing the risk of unintended disclosure.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill describes sending local files to an external messaging channel but does not prominently warn that file contents, filenames, captions, and chat metadata may leave the local environment. In an agent setting, this can lead to unintended exfiltration of sensitive documents or metadata if a user or upstream agent invokes the transfer without understanding the privacy boundary.

Missing User Warnings

Medium
Confidence: 89%
Finding
This example code initiates transmission of a local file to hard-coded Telegram chat IDs with no interactive confirmation, safety prompt, or clear warning that running the script will send data off-host. In an example or skill context, users often execute sample code directly; that makes unintended data disclosure more plausible if the file path or payload is later changed to sensitive content.

Missing User Warnings

Low
Confidence: 88%
Finding
The adapter logs the destination chat ID and file path during transfers, which can expose sensitive operational metadata in application logs. In environments with shared logging, centralized log aggregation, or lower-privileged support access, these identifiers may reveal private recipients, group mappings, or file activity that should be minimized.

VirusTotal

66/66 vendors flagged this skill as clean.
