Super Spec

Security checks across malware telemetry and agentic risk

Overview

The skill’s main purpose is coherent, but its install and runtime paths rely on unpinned network-executed code and remote model calls that deserve user review.

Install only if you are comfortable trusting superada.ai and the @steipete/oracle npm package at runtime. Prefer inspecting or pinning installer contents first, use dedicated least-privilege API keys, avoid sending confidential context unless the selected endpoint is approved, and use --no-pro or documented fallback controls when you want to avoid the Pro/Oracle path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises shell-based installation and execution behavior but does not declare permissions, which can mislead operators and any enforcement layer about the skill's actual capabilities. That gap increases the chance that shell execution is invoked without appropriate review, sandboxing, or policy checks.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is presented as a spec-generation utility, but the script also performs dynamic model routing and sends prompts to external OpenAI/Azure-compatible endpoints. That broader behavior materially changes the trust and data-flow boundary: user-provided context may leave the local environment even though the metadata does not clearly disclose that networked inference is part of normal operation.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The script reads API keys from environment variables and uses them for downstream remote model access, which expands the skill's capabilities beyond simple document generation. In this context the main risk is undeclared credential use and unintended external data transfer under the user's ambient credentials, not direct exfiltration of the key value itself.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Falling back to `npx -y @steipete/oracle` allows execution of code fetched at runtime from the package registry, which introduces a supply-chain execution risk. In a skill expected to author specs, dynamically downloading and running external tooling is dangerous because compromise of the package, dependency chain, or registry path can lead to arbitrary code execution in the user's environment.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The install command fetches a remote script and pipes it directly to the shell, which executes unreviewed code from the network immediately. If the remote host, transport path, or published script is compromised, an operator can suffer arbitrary command execution with the privileges of the invoking user.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script builds a prompt from either stdin or a file and passes it to remote model backends without an explicit warning at execution time. Because the input may contain proprietary product plans, credentials accidentally pasted into context, or internal architecture details, silent transmission to third-party services creates a meaningful confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script consumes API credentials from common environment variables and propagates them into child processes with no user-facing disclosure. While this is operationally common, it is still risky in an agent skill because it enables hidden use of organizational credentials and may surprise users who believe the tool is purely local.

External Script Fetching

High
Category
Supply Chain
Content
## Install

```bash
curl -sSf https://superada.ai/install/super-spec | sh
```

## Run
Confidence
99% confidence
Finding
curl -sSf https://superada.ai/install/super-spec | sh

Chaining Abuse

High
Category
Tool Misuse
Content
## Install

```bash
curl -sSf https://superada.ai/install/super-spec | sh
```

## Run
Confidence
99% confidence
Finding
| sh

VirusTotal

63/63 vendors flagged this skill as clean.