Audit Code

Security checks across malware telemetry and agentic risk

Overview

This is a coherent code-audit skill, but users should know it may check detected pip/npm package names against public registries.

Install if you want a local repository security scanner and are comfortable with it reading the selected project, including .env-like files, and printing matched snippets in its report. Avoid or network-restrict it for confidential repositories where private package names must not be sent to PyPI or npm.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
82%
Finding
The skill description says it performs security-focused code review, but the documented checks and the static findings indicate broader behavior, including outbound package-registry verification and repository hygiene inspection. This mismatch can lead operators to authorize the skill with an incomplete understanding of its behavior, which is risky in a security-sensitive context because it may expand data exposure or external communication beyond what they expect.

Description-Behavior Mismatch

Medium
Confidence
92%
Finding
The audit-code skill includes live package registry verification logic that performs outbound requests, which materially expands the skill from static code review into active network interaction. In a security review context this can disclose package names from scanned code to third parties and create side effects that users may not expect from a local audit operation.

Context-Inappropriate Capability

Medium
Confidence
95%
Finding
Verify_Package performs outbound HTTP requests to PyPI and npm, giving the skill network egress capability not obviously required by its stated code-audit purpose. Even if intended for package validation, this increases the attack surface, leaks scanned dependency names externally, and may violate least-privilege expectations for an audit tool.

Missing User Warnings

Medium
Confidence
93%
Finding
Package names extracted from findings are sent to external registries during verification without clear user-facing disclosure or consent. In some environments, dependency names can reveal internal projects, private packages, or sensitive development activity, making this a privacy and policy concern.

VirusTotal

66/66 vendors flagged this skill as clean.