Gno

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local document-search tool, but it asks for broad Gno command authority that can index private files, expose a web UI, install persistent AI integrations, and enable future write access with limited warnings.

Install only if you trust the external Gno CLI and want an AI agent to operate a local knowledge index. Use narrow folders, exclude secrets and private directories, avoid starting the web UI on broad network interfaces, review any publish export before uploading it, and do not enable MCP write tools unless you specifically need persistent AI-driven file modification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The documented `gno publish export` capability expands the skill from local document search into content packaging for publication to an external service (`gno.sh`). That creates a real scope-expansion and data-exfiltration risk because an agent using this skill could prepare local notes for external sharing, including sensitive material, which is not implied by the skill's stated local-search purpose.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The CLI reference includes MCP server installation and client configuration modification for `claude-desktop`, `claude-code`, and `codex`, which goes beyond document retrieval and into modifying AI tool configuration. This is dangerous because it enables persistence and integration into other assistant environments, increasing the blast radius far beyond a local search utility.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill advertises very broad activation triggers such as searching files, notes, knowledge bases, RAG setup, web UI, tagging, graphing, and publishing, which overlap with many ordinary user requests. This can cause the agent to invoke a powerful filesystem-searching skill too often, increasing the chance of unnecessary indexing, data access, or exposure of local content beyond the user's narrow intent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill encourages indexing local directories and starting a local web UI but does not warn about sensitive-file ingestion, filesystem scope, or local network/data exposure. In a document-search skill, these operations are contextually sensitive because they can sweep private files into an index or expose searchable content through a server without the user understanding the impact.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explicitly advertises `gno mcp install --enable-write`, which enables file-modifying MCP capabilities, but does not warn users that this grants an AI-connected tool the ability to alter local files. In the context of an MCP server for searching local documents, that omission increases the chance that users enable write access without understanding the trust and safety implications.

Session Persistence

Medium
Category
Rogue Agent
Content
```
# Claude Code
gno mcp install -t claude-code

# With write tools enabled
gno mcp install --enable-write
```
Confidence
84% confidence
Finding
The flagged passage is the `gno mcp install --enable-write` example quoted above together with the "Manual Setup" section that follows it in the skill documentation: under a "Claude Desktop" heading it instructs the user to add a `gno` entry to `claude_desktop_config.json`, beginning `{ "mcpServers": { "gno": { "command": "gno",` (the JSON is cut off at that point in the scan output). Installing the server into the assistant's client configuration is what makes the integration persist across sessions.

VirusTotal

66/66 vendors flagged this skill as clean.