Merge Partition Coach

Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed as partition-merge help, but it silently installs powerful disk software and exposes broader disk-operation launching than users would expect.

Review carefully before installing. Only use this on a Windows machine where you are prepared for disk-level changes, verify the EaseUS installer source and publisher signature yourself, make a full backup first, and do not approve any partition operation unless the preview exactly matches the disk and partition you intend to change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return 1

    print("[2/2] Running silent install...")
    proc = subprocess.run(
        [
            str(dest_path),
            "/verysilent",
Confidence
96% confidence
Finding
proc = subprocess.run( [ str(dest_path), "/verysilent", "/suppressmsgboxes", "/norestart", "/log", ], check=Fals

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares itself as a coaching guide but includes operational behaviors requiring shell execution, file writes, and network access without explicitly declaring those permissions. This creates a trust and transparency gap: users or a platform may authorize a low-risk instructional skill while it actually downloads software, writes temp files, and invokes external executables.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The described purpose is partition-merging guidance, but the documented behavior extends to downloading and installing third-party software, elevating execution, launching a GUI binary, and passing generic shellcmd input to an external tool. That mismatch is dangerous because it can conceal broader execution capability behind a benign-looking skill description, increasing the chance of unsafe approval or misuse.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Bundling installer download and software installation steps exceeds a simple coaching function and introduces supply-chain and unwanted-installation risk. Even if the vendor is legitimate, instructing automated retrieval and execution of remote software increases the attack surface and can lead to execution of tampered, outdated, or unreviewed binaries.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs users to run software with Administrator privileges and uses PowerShell ExecutionPolicy Bypass in a launch command. Those patterns normalize risky execution practices and lower system defenses, making it easier for malicious or unintended code paths to run with elevated rights.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This script is functionally a generic launcher for EaseUS Partition Master operations, while the declared skill is only for merge-partition coaching. That mismatch expands capability far beyond user expectations and enables destructive disk actions such as resize, split, or other vendor-supported commands through a trusted skill surface.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code accepts an arbitrary shellcmd from the first CLI argument and forwards it directly to EPMUI.exe, effectively exposing broad command execution within a privileged partition-management tool. In the context of a merge-partition skill, this is especially dangerous because storage-management commands can cause data loss, partition corruption, or unexpected system changes if misused.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The usage examples explicitly advertise "Resize Partition" and "Split Partition," contradicting the merge-only skill description and signaling that broader disk-modification actions are intended. This increases the likelihood of unsafe or deceptive use because operators may invoke capabilities not disclosed by the skill metadata, leading to unanticipated destructive behavior.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill claims to help merge partitions, but the code instead downloads and silently installs third-party partition software. This mismatch between declared purpose and actual behavior is especially dangerous because it can deceive users into running arbitrary software with system-wide effects unrelated to the stated task.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code combines network download and local process execution in a context where neither is necessary to fulfill the advertised skill behavior. This capability pairing materially increases attack surface by enabling remote payload delivery and execution, making the skill far more dangerous than its partition-merging description suggests.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Partition merge operations modify disk structure and can cause data loss, boot issues, or service interruption if interrupted or misapplied, yet the skill emphasizes 'no data loss' without a strong backup and risk warning. In this context, that reassurance can encourage users to perform irreversible disk operations without adequate safeguards.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script writes raw shell parameters to a temporary file on disk without warning the user or minimizing persistence, which can expose sensitive volume identifiers, paths, or operational details to other local processes or to forensic recovery after execution. While not the primary risk in this tool, unnecessary persistence of command data increases information exposure in a utility handling potentially sensitive disk-management actions.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script silently downloads an installer and performs an unattended installation with /verysilent and suppressed message boxes, giving the user little visibility into the network fetch or resulting system changes. In skill context, this is more dangerous because users expect partition guidance, not covert software installation that may alter the host system.

VirusTotal

55/55 vendors flagged this skill as clean.
