Filesystem Management

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed filesystem helper, but users should treat it as a powerful local file tool and verify the missing runtime code before running it.

Install only if you want the agent to list, search, analyze, and copy local files. Keep paths narrow, use dry-run before copy operations, avoid sensitive directories unless intended, and review the actual CLI implementation from GitHub or npm before executing it because the scanned artifact set did not include the runnable filesystem binary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding
The documentation asserts that path validation prevents directory traversal attacks, but this file provides no evidence or enforceable mechanism showing that protection exists. In a filesystem-manipulating skill, unverified safety claims can mislead users and downstream agents into trusting operations on attacker-controlled paths, increasing the risk of unauthorized file access or writes.

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding
The skill claims it verifies read/write permissions before operations, but the documentation does not show any actual checks or limitations. For a tool that lists, searches, and copies files, undocumented or absent permission validation can cause unsafe assumptions by users or agents and lead to attempts to access sensitive locations or partially completed destructive operations.

Intent-Code Divergence

Severity: Low
Confidence: 78%
Finding
The documentation advertises backup prompts before overwrites, but the described interface does not include a prompt workflow or safeguard that guarantees backups. This can create a false sense of safety around overwrite-capable batch copy operations and increase the chance of accidental user data loss.

Missing User Warnings

Severity: Medium
Confidence: 78%
Finding
The README promotes file copy and batch operations as routine usage without a prominent warning that these actions modify filesystem state and may affect sensitive data. In an agent setting, unclear safety messaging can lead to unintended propagation of files, copying secrets, or writes into unapproved locations when the agent follows examples too literally.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The documented copy and overwrite functionality can modify user data, but the markdown does not prominently warn about the risk of destructive or irreversible changes. In an agent-executed filesystem skill, weak safety messaging increases the chance that users or automated systems invoke overwriting behavior without understanding the consequences.

VirusTotal

64/64 vendors flagged this skill as clean.