Leanctx Integration

Security checks across malware telemetry and agentic risk

Overview

The skill appears useful, but it broadly intercepts file reads and shell command output with unclear scope, retention, and install-time network disclosure.

Review before installing. Use it only if you are comfortable with a skill that can transparently process file contents and shell output, and avoid using it around secrets, credentials, private logs, or sensitive commands until the publisher documents opt-in controls, exclusions, caching, and retention.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
The security manifest states that no external endpoints are called, but the script conditionally runs `npm install`, which typically contacts external package registries and may execute lifecycle scripts from dependencies. This is a real security-relevant mismatch because it can mislead reviewers and users about network access and supply-chain exposure during installation.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The README explicitly states that the skill transparently intercepts both file reads and shell command output, but it does not disclose what data may be processed, cached, retained, or exposed to other components. In an agent/tooling environment, silent interception of sensitive command output or file contents can create confidentiality and observability risks because users may not realize the skill is modifying and handling all tool data in the background.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The skill states it transparently intercepts `read` and `exec` tool calls without explicit user approval, but does not define clear trigger boundaries, scope restrictions, or safety controls. In this context, broad autonomous interception is security-relevant because it can silently alter how sensitive file contents and command outputs are processed, cached, and presented to the agent, increasing the risk of unintended exposure, data minimization failures, or loss of important security-relevant output.

VirusTotal

62/62 vendors flagged this skill as clean.
