Write

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local writing workflow skill with ordinary file-writing and versioning risks, but no artifact-backed deception, exfiltration, or malicious behavior.

Install this only if you want a managed local writing workspace that stores drafts, version history, audits, research notes, and preferences. Use a dedicated directory such as ~/writing, avoid untrusted piece IDs or workspace paths, verify the script paths after installation, and review important edits before relying on the backup history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium (95% confidence)
Finding
The script advertises enforced versioning, but it only creates a backup when the existing content file is non-empty. If the file is missing or empty, new content is written with no archived prior state, breaking the guarantee of always preserving the previous version and enabling silent data loss or loss of auditability. In a writing/versioning skill, that mismatch between claimed behavior and actual behavior is directly relevant because users may rely on recoverability before edits.

Missing User Warnings

Medium (79% confidence)
Finding
The skill instructs first-use execution of a local shell script that creates a workspace under the user's home directory, but it does not warn that it will modify the local filesystem or require user confirmation. In an agent setting, this can normalize automatic local side effects and cause unintended directory/file creation, especially when users may not realize setup performs writes on their machine.

Missing User Warnings

Medium (91% confidence)
Finding
The skill prescribes a concrete file-modification workflow that writes drafts to a temp file and then applies them into a repository path via a script, but it provides no instruction to confirm user intent or warn that repository content will be changed. In an agent setting, this increases the risk of unintended or unauthorized content modification, especially when the task is delegated to sub-agents and framed as a default workflow.

VirusTotal

50/50 vendors flagged this skill as clean.
