A/B Testing Tool Skill

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its A/B testing purpose, but its CLI can build file paths from test names without blocking path traversal, so a crafted name could cause JSON files outside its intended test folder to be modified.

Use this only with simple, trusted test names until the path handling is fixed. Ask the maintainer to constrain all reads and writes to the skill's tests directory and to provide pinned dependency/install guidance.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If the agent uses a malicious or untrusted test name, it could corrupt or modify local JSON files outside the skill's own storage folder.

Why it was flagged

Only whitespace is sanitized; path separators and '..' remain. A crafted name such as '../package' would resolve outside the tests directory and overwrite package.json with test data.

Skill content

const testFile = path.join(TESTS_DIR, `${options.name.replace(/\s+/g, '_')}.json`);
fs.writeFileSync(testFile, JSON.stringify(testData, null, 2));

Recommendation

Reject absolute paths, '..', and path separators in test names, or resolve the final path and verify it stays inside TESTS_DIR before reading or writing.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Dependency behavior could change across installs if newer compatible versions are pulled.

Why it was flagged

The CLI uses external npm packages with caret version ranges, so a future install may resolve to newer package versions. This is common for Node tools, but it is not fully pinned.

Skill content

"dependencies": { "commander": "^12.0.0", "chalk": "^4.1.2", "fs-extra": "^11.2.0" }

Recommendation

Use a lockfile or pinned dependency versions for reproducible installs, and install only from trusted package sources.

ASI06: Memory and Context Poisoning
Low
What this means

Business metrics or experiment details entered into the tool may remain on disk after the session.

Why it was flagged

The skill creates a local tests directory and persists test names, variants, metrics, and results as JSON files.

Skill content

const TESTS_DIR = path.join(__dirname, 'tests');
fs.ensureDirSync(TESTS_DIR);
...
fs.writeFileSync(testFile, JSON.stringify(testData, null, 2));

Recommendation

Avoid putting secrets or sensitive customer data in test names or metrics, and document how users can delete stored test files.