Find Skill

Security checks across malware telemetry and agentic risk

Overview

This skill mostly performs skill search, but it uses an under-disclosed third-party mirror and labels mirror results as verified, which could mislead users about what to install.

Review this before installing in environments where skill discovery influences installation decisions. Treat displayed verified status and ClawHub source labels cautiously, avoid entering confidential search terms, and prefer a version that clearly labels third-party results, stops marking mirror data as verified by default, and updates/pins axios.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The code routes search traffic to a third-party mirror service while presenting it as the practical source of truth for skill discovery, and then marks returned skills as verified by default. This creates a supply-chain trust problem: untrusted remote metadata can influence what users discover and potentially install, with no provenance validation or explicit user consent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The search method logs raw user queries and translated queries in clear text, which can expose sensitive user input such as tokens, personal data, internal project names, or confidential research terms to application logs. In agent or skill ecosystems, logs are often centralized, retained, and accessible to operators or third parties, increasing the chance of unintended disclosure.

Unpinned Dependencies

Low
Category: Supply Chain
Content
  "author": "",
  "license": "MIT",
  "dependencies": {
    "axios": "^1.6.8"
  },
  "devDependencies": {}
}
Confidence: 91%
Finding
"axios": "^1.6.8"

Known Vulnerable Dependency: axios==1.6.8 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

High
Category: Supply Chain
Confidence: 99%
Finding
axios==1.6.8

VirusTotal

66/66 vendors flagged this skill as clean.
