skill-prescan

Security checks across malware telemetry and agentic risk

Overview

This appears to be a security-scanning skill, but it may upload scanned skill contents to a configured LLM service without clear warning and can produce misleading scan context, so users should review it before use.

Install only if you are comfortable with the scanner reading the target skill files and possibly sending their contents to the configured LLM provider. Do not scan private, unpublished, or secret-containing skills unless you have confirmed the endpoint, retention policy, and consent flow. Treat its verdicts as advisory because the reported hard-coded and contradictory scan context can mislead results.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The scanner hard-codes capability signals including `requires-sensitive-credentials` even though the generated context also says the primary credential is `none` and may not reflect the actual skill content. This can systematically bias downstream model judgments, producing misleading security verdicts and undermining trust in the scan output.

Intent-Code Divergence

Medium
Confidence: 80%
Finding
The generated scan payload always states `No code files present — this is an instruction-only skill`, regardless of broader skill context. That can mislead the remote evaluator about the artifact set it is reviewing, causing under-analysis of code-bearing skills or false confidence in the resulting verdict.

Missing User Warnings

Medium
Confidence: 93%
Finding
The tool reads a local SKILL.md file and transmits its full contents to a user-configured remote LLM endpoint, but the CLI flow does not provide a clear warning or confirmation about this exfiltration of local data. If users point it at sensitive or unpublished material, they may unintentionally disclose proprietary or secret content to third-party services.

VirusTotal

66/66 vendors flagged this skill as clean.
