Trending Skills

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public skills.sh ranking and detail pages, with ordinary scraping cautions but no evidence of hidden, destructive, credential-seeking, or persistent behavior.

Install only in a virtual environment or container, expect Playwright/Chromium dependencies, and avoid setting SKILLS_BASE_URL away from skills.sh unless you intentionally want to test another endpoint. Treat fetched skill detail text as untrusted web content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill invokes Python fetchers and explicitly requires Playwright plus network access, but the manifest declares no permissions or constraints. That creates a transparency and policy gap: an agent or reviewer may assume the skill is low-risk documentation while it can actually perform outbound requests and potentially access environment-derived configuration or secrets through the underlying code.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding: The declared purpose is limited to trending rankings, but the workflow and commands also support crawling detail pages, extracting additional content, and storing raw HTML from fetched pages. This mismatch is dangerous because it broadens the operational scope beyond user expectations and review assumptions, increasing the chance of excessive collection, hidden data handling, and unintended web-scraping behavior.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding: The module docstring describes an AI news daily generator, which materially conflicts with the declared skill purpose of fetching skills.sh trending rankings. This kind of capability/identity mismatch can mislead reviewers, users, or higher-level agents about what the package is for, increasing the risk of misrouting, unsafe invocation, or hidden functionality going unnoticed.

VirusTotal

66/66 vendors flagged this skill as clean.