npm

Security checks across malware telemetry and agentic risk

Overview

This npm skill is mostly transparent about what it does, but it can reach npm write and account-changing actions that its read-focused description does not make clear.

Install only if you are comfortable connecting npm through ClawLink and giving the agent access to every npm tool your connected account exposes. If that connection includes token or account-management tools, treat the skill as more than a read-only registry lookup helper, and approve only previews of actions you explicitly requested.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The skill is marketed as a read-oriented npm registry inspection tool, but its execution guidance explicitly allows write and account-changing operations via dynamically discovered ClawLink tools. This creates a scope mismatch: users and downstream agents may trust the skill as low-risk while it can invoke higher-risk actions whenever the integration exposes them, increasing the chance of unintended destructive or privileged operations.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
The rule about confirming before deleting tokens reveals a destructive token-management capability that is not disclosed in the skill's name, description, or advertised purpose. Hidden high-impact functionality is dangerous because agents may load or approve the skill assuming it only performs package search and advisory reads, while the live tool catalog may expose credential-affecting actions.
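
The scope mismatch both findings describe can be checked mechanically before a skill is approved, and the overview's advice (approve only previews of actions you explicitly requested) can be enforced per call. The following is an added example, not code from ClawLink, SkillSpector or the npm skill itself; the tool names, descriptions, tier word lists and the `session` shape are assumptions made for illustration, and the catalog is constructed:

```javascript
// Added example, not code from ClawLink or the npm skill: audit a dynamically
// discovered tool catalog against the scope a skill's description advertises,
// then gate each call so only explicitly requested, previewed actions run.
// Tool names and descriptions below are constructed for illustration.

const TIERS = ["read", "write", "credential"]; // ordered by impact

// Heuristic word lists (assumed, not an official taxonomy). Names are
// normalised so snake_case/kebab-case split into words before matching
// (npm_delete_token -> "npm delete token").
const CREDENTIAL_RE = /\b(tokens?|credentials?|secrets?|passwords?|2fa)\b/i;
const WRITE_RE = /\b(publish|unpublish|deprecate|delete|remove|revoke|create|update|set|owner)\b/i;
const READ_RE = /\b(search|get|list|view|fetch|read|info|show)\b/i;

function classifyTool(tool) {
  const text = `${tool.name} ${tool.description || ""}`.replace(/[_-]+/g, " ");
  // Anything touching tokens or other secrets is credential-tier even when it
  // only lists them, since the output itself is sensitive.
  if (CREDENTIAL_RE.test(text)) return "credential";
  if (WRITE_RE.test(text)) return "write";
  if (READ_RE.test(text)) return "read";
  return "write"; // fail closed: an unrecognised tool is not assumed harmless
}

// Return every tool whose tier exceeds the declared scope: these are the
// description-behaviour mismatches to surface before install.
function auditCatalog(declaredScope, catalog) {
  const limit = TIERS.indexOf(declaredScope);
  return catalog
    .map((t) => ({ name: t.name, tier: classifyTool(t) }))
    .filter((t) => TIERS.indexOf(t.tier) > limit);
}

// Stable preview string so an approval is bound to the exact call, not just
// the tool name. Keys are sorted so argument order cannot reuse an approval.
function previewOf(name, args) {
  const sorted = Object.fromEntries(Object.keys(args).sort().map((k) => [k, args[k]]));
  return `${name}(${JSON.stringify(sorted)})`;
}

// Decide whether a proposed call may run. `session` (assumed shape) records
// which tools the user explicitly asked for and which previews they approved.
function decide(call, tool, session) {
  const tier = classifyTool(tool);
  if (tier === "read") return { verdict: "allow", tier };
  if (!session.requestedTools.has(call.name)) {
    return { verdict: "deny", tier, reason: "not explicitly requested by the user" };
  }
  const preview = previewOf(call.name, call.args);
  if (!session.approvedPreviews.has(preview)) {
    return { verdict: "needs_approval", tier, preview };
  }
  return { verdict: "allow", tier, preview };
}

// Constructed catalog standing in for what a ClawLink connection might expose.
const SAMPLE_CATALOG = [
  { name: "npm_search_packages", description: "Search the registry for packages" },
  { name: "npm_get_advisories", description: "Fetch security advisories for a package" },
  { name: "npm_publish_package", description: "Publish a package version" },
  { name: "npm_list_tokens", description: "List access tokens for the account" },
  { name: "npm_delete_token", description: "Revoke an access token" },
];

function findTool(name) {
  return SAMPLE_CATALOG.find((t) => t.name === name);
}

// Walk through the scenario from the findings: a "read" skill whose live
// catalog exposes token deletion, and a user who asked for exactly that.
function demo() {
  const session = { requestedTools: new Set(["npm_delete_token"]), approvedPreviews: new Set() };
  const call = { name: "npm_delete_token", args: { id: "tok_1" } };
  const first = decide(call, findTool("npm_delete_token"), session);
  session.approvedPreviews.add(first.preview); // user approves the shown preview
  const second = decide(call, findTool("npm_delete_token"), session);
  return { mismatches: auditCatalog("read", SAMPLE_CATALOG), first, second };
}

console.log(JSON.stringify(demo(), null, 2));
```

The audit runs against the declared scope from the skill's description and the catalog fetched from the live connection at approval time, which is exactly where the two findings say the gap opens. The gate ties approval to a preview of the full call, so approving one token deletion does not silently authorise a second one with different arguments.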

VirusTotal

64/64 vendors reported this skill as clean. A signature scan of the skill files does not detect scope mismatches like the findings above, which come from what the connected tool catalog exposes rather than from malicious code in the skill.