CLI Anything

Security checks across malware telemetry and agentic risk

Overview

This looks like a local CLI-development helper with disclosed but somewhat under-scoped local inspection behavior, not evidence of malware or data theft.

Install this only if you are comfortable with the skill inspecting the local CLI-Anything workspace and running local helper scripts. Review the hardcoded path and prefer using it in a sandbox or with an explicit project directory if the workspace contains private code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding
The skill explicitly instructs the agent to run local Python scripts and inspect repository contents, which is shell-capable behavior, but no permissions are declared. That creates a trust and policy gap: users or the platform may assume this skill is documentation-only when it can actually execute commands and enumerate local filesystem data.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 78%
Finding
The stated description focuses on generating/refining CLIs and adapting them for OpenClaw, but the skill also performs concrete local discovery and ranking of projects via hardcoded workspace paths and helper scripts. This mismatch is risky because it hides operational behavior that can expose local repo structure and metadata, reducing informed consent and making the skill more capable than advertised.

VirusTotal

62/62 vendors flagged this skill as clean.
