Local AI Stack

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only local AI setup guide. Its risks are visible and consistent with its stated purpose, but users should treat the install and update steps as online, supply-chain-sensitive actions.

Install only if you are comfortable downloading software and models from the listed sources. Treat the stack as offline-capable after setup, not internet-free during setup. Prefer official downloads or package-manager installs where possible, review any installer or update script before running it, and skip the cron update if you do not want unattended network downloads or model changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Severity: Medium (92% confidence)

Finding:
The documentation claims the setup is 'fully offline' and requires 'no internet', but the installation and model acquisition steps explicitly require downloading code and model artifacts from remote services. This mismatch can mislead users into making trust and security decisions under false assumptions, especially in privacy-sensitive or air-gapped contexts.

Missing User Warnings

Severity: Medium (97% confidence)

Finding:
The instructions tell users to pipe a remotely fetched script directly into the shell, which executes unreviewed code immediately with the user's privileges. If the remote server, CDN, TLS path, or published script is compromised, this becomes a straightforward remote code execution path.

Missing User Warnings

Severity: Medium (88% confidence)

Finding:
The auto-update guidance instructs users to schedule recurring updates without warning that this will periodically contact remote services and modify local model files automatically. This increases supply-chain exposure over time and reduces user visibility into when changes are introduced.

VirusTotal

64/64 vendors flagged this skill as clean.