mission-control-visual-qa

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate remote visual QA skill, but users should understand it runs code on a configured SSH host and saves screenshots.

Install only if you intend to run visual checks from the configured SSH host. Avoid URLs with secrets in query strings, use a trusted remote host, and treat saved screenshots as sensitive if they capture internal, authenticated, or personal data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
79% confidence
Finding
The skill describes support for environment-controlled behavior via `SSH_TARGET`, `REMOTE_RUN_DIR`, and `OUTPUT_DIR`, but does not declare corresponding permissions/capabilities. Undeclared environment usage can hide how execution context is influenced, making it easier for an agent or operator to run the skill against unintended hosts or paths and reducing reviewability of the skill's true behavior.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script fetches arbitrary user-supplied URLs in a real browser and saves full-page screenshots to disk. In a visual-QA skill this behavior is intentional, but it can still capture sensitive page contents such as internal dashboards, authenticated sessions, PII, tokens rendered in the UI, or other confidential information, leaving those artifacts on disk without minimization or consent checks. The skill context makes this somewhat less suspicious because screenshots are central to the feature, but it remains a real privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script unconditionally creates directories over SSH, copies a local JavaScript file to a remote host, and executes it remotely without any warning, prompt, or explicit disclosure to the user. In an agent skill context this is security-relevant because it silently causes code execution and data movement on another system, which can surprise users, violate trust boundaries, and lead to unintended exposure if `SSH_TARGET` points to a sensitive host.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
All URLs supplied on the command line are forwarded to the remote host for processing, but the script does not disclose that user inputs are being transmitted off the local machine. In this skill's context, URLs may contain internal hostnames, staging endpoints, tokens in query strings, or other sensitive metadata, so silently sending them to a remote system expands the exposure surface and can leak confidential information.

VirusTotal

61/61 vendors flagged this skill as clean.