ClawHub Skill Maintainer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed portfolio-maintenance tool that gathers ClawHub skill data, writes local reports, and requires explicit user approval before any public changes.

Install only if you want an agent to analyze a ClawHub publisher portfolio, call ClawHub public/API endpoints, and store local reports and snapshots. Review generated approval boards carefully, especially merge batches, and do not let the agent run authenticated hide, publish, rescan, or merge commands unless you explicitly approve the exact batch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 96%
Finding
The skill instructs use of shell commands, local file reads/writes, and network-dependent portfolio refreshes, but it does not declare any permissions in its metadata. This creates a capability transparency and consent problem: a user or platform may treat the skill as low-privilege while it can actually inspect files, modify local artifacts, and invoke external CLI actions such as hide, publish, or merge workflows after approval.

Vague Triggers

Medium
Confidence: 88%
Finding
The default prompt is broad and action-oriented, encouraging portfolio analysis and recommendation generation without clearly limiting when the skill should be invoked. In systems that support automatic or suggestion-based routing, this can cause the skill to activate in loosely related contexts and operate on sensitive portfolio or moderation workflows without sufficiently explicit user intent.

Vague Triggers

High
Confidence: 95%
Finding
Enabling implicit invocation without tight contextual restrictions increases the chance that the skill is auto-selected for ambiguous requests. Because this skill influences audit, approval-ready recommendations, and portfolio maintenance decisions at scale, unintended invocation could expose sensitive operational data or produce governance actions based on weak user intent.

VirusTotal

65/65 vendors flagged this skill as clean.
