Knowledge card creator, your memory notes

Security checks across malware telemetry and agentic risk

Overview

This card-generation skill is mostly aligned with its purpose, but it needs review because it reads user material, runs a browser-based renderer, saves outputs locally, and contains an undisclosed third-party font request.

Install only if you are comfortable letting the skill read the files or URLs you provide, run a local browser-based renderer, contact Google Fonts during rendering, and save Markdown/PNG files locally. Avoid confidential notes unless you control the output path and can disable or block external asset loading.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill declares no permissions, yet its documented workflow explicitly reads local files and may rely on environment-derived paths such as the user's home directory. This creates a transparency and consent problem: users and policy systems cannot accurately assess what resources the skill will access, which can lead to unintended exposure of local data.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The documented behavior materially diverges from the claimed purpose: the skill advertises knowledge extraction, card-type selection, and content generation, but the detected implementation only renders existing Markdown and also introduces undeclared browser execution and remote font/network access. This mismatch is dangerous because it prevents informed consent and can conceal side effects such as local executable use and outbound network requests.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding: The trigger phrases include broad terms like 'make a card' and 'knowledge card', which can cause the skill to activate unintentionally in unrelated contexts. Accidental invocation increases the chance of surprising file reads, URL fetches, output writes, or script execution without the user's clear intent to use this specific skill.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill instructs the agent to fetch arbitrary URLs and read files, but it does not warn users that remote content will be retrieved and local files accessed. In context, this makes the skill more dangerous because it accepts multiple input types and could pull sensitive local or remote data into processing without explicit user awareness.

Missing User Warnings

Severity: Low
Confidence: 86%
Finding: The skill silently saves Markdown and image outputs to disk, including a default path under the user's home/workspace directory, without clearly warning the user. While lower severity than arbitrary reads or execution, undisclosed writes can leak sensitive derived content, overwrite files, or leave unexpected artifacts on shared systems.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill directs execution of a rendering script and use of a headless browser or HTML-to-image renderer, but this operationally significant behavior is not disclosed to the user. Executing local scripts and browser-based rendering expands the attack surface, may process untrusted Markdown/HTML content, and can trigger additional local or network side effects that users did not knowingly authorize.

VirusTotal

65/65 vendors flagged this skill as clean.