SenseCraft AI Model Hub

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent SenseCraft model helper with optional local demo behavior, but users should be aware that it performs downloads, package installs, local file writes, and webcam access before running those parts.

Install only if you want SenseCraft model discovery/download tooling and optional local vision demos. Run the setup script in an isolated environment if possible, review downloaded model files before production use, and run the webcam demo only when you intentionally want local camera processing; delete saved captures when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill advertises operational capabilities that involve network access, local file reads/writes, and script-driven execution paths, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users and the host platform may not realize the skill can download artifacts, write manifests/files, and interact with local resources, increasing the chance of unintended data access or unsafe execution flows.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding: The documented behavior goes beyond simple model-library access: it includes environment setup, package installation, model execution, webcam access, image processing, and saving captures. That mismatch is dangerous because users may invoke what appears to be a catalog/search skill without realizing it can install software and access sensitive peripherals, which materially changes the trust boundary.

Missing User Warnings

Severity: Low
Confidence: 80%
Finding: The instructions direct the agent to download model files and export indexes/manifests to local paths, but they do not clearly warn that files will be created or overwritten on disk. While expected for this workflow, the lack of explicit disclosure can lead to unintended writes, clutter, or accidental placement of untrusted downloaded artifacts in sensitive directories.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The webcam demo section instructs users to run scripts that access the local camera and may save annotated frames, but it lacks a direct privacy/surveillance warning. Camera access and frame persistence are sensitive operations; without explicit notice and consent language, users may unknowingly expose live imagery or retain recordings on disk.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The demo opens the webcam immediately when run without --image and starts processing live video frames for person detection, but it does not present an in-app warning or explicit consent prompt before capture begins. Even though the OS may enforce camera permissions, users can still be surprised by live biometric-adjacent image processing and may inadvertently capture or save sensitive imagery.

VirusTotal

65/65 vendors flagged this skill as clean.