Scan To Skill

Security checks across malware telemetry and agentic risk

Overview

This skill decodes QR codes to install ClawHub skills, and its sensitive install action is disclosed and gated by an explicit confirmation step.

Install only if you want a QR code to select ClawHub skills for installation. Review the decoded slug and the skill page before approving, especially when the QR code comes from an unfamiliar source.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill invokes local scripts and the ClawHub CLI to decode QR content and perform installations, which requires shell execution and potentially network access, yet no permissions are declared. This creates a trust and review gap: an operator may approve or run the skill without realizing it can execute commands and install remote content, increasing the chance of unintended code execution or supply-chain exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal