Capacities Lookup

Security checks across malware telemetry and agentic risk

Overview

This skill transparently searches a user's Capacities workspace and caches lookup metadata locally, with privacy caveats but no evidence of deception or destructive behavior.

Install only if you want an agent to search your Capacities workspace with CAPACITIES_API_TOKEN. Prefer explicit Capacities lookup requests, use a trusted CAPACITIES_API_BASE_URL, and be aware that lookup terms and result metadata may remain in data/capacities. Avoid having the agent source ~/.zshrc unless you know what that file runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill clearly instructs the agent to read environment variables, source shell configuration, read local config files, and make live API/network requests, yet it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or orchestrators may invoke the skill without realizing it can access secrets and local files and exfiltrate data to an external service.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The activation criteria are overly broad because the skill should be used when a request merely 'sounds like' it may refer to something stored in Capacities. That can cause the agent to over-invoke a networked skill on ordinary user queries, unnecessarily exposing search terms and potentially sensitive context to an external API without sufficiently clear user intent.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The instruction to 'suggest Capacities proactively when a request sounds like a note/project/meeting/person lookup' is vague and encourages speculative triggering. In context, this skill performs live external lookups using API credentials, so proactive invocation increases the chance of unnecessary disclosure of user data and unintended external actions.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The code caches raw search terms and full lookup results, including object titles, IDs, deep links, and the space ID, and persists them to storage without any indication of consent, minimization, or access controls in this code path. In a knowledge-management lookup skill, those queries and returned object metadata can reveal sensitive user interests, projects, meetings, or people records, so local persistence increases privacy and data-exposure risk if the cache is read by other components or users.

VirusTotal

62/62 vendors flagged this skill as clean.