Founder Article

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent article generator, but its optional publishing flow can create GitHub repositories and GitHub Pages sites without clear consent, visibility, or cleanup safeguards.

Use this for local drafting and PDF generation with generated content you are comfortable processing locally. Before allowing any GitHub publishing, confirm the exact files, repository name, repository visibility, Pages URL, and whether the content will be public; avoid publishing confidential business strategy or investor material without a manual review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 78%
Finding: The skill advertises content generation but static analysis indicates file_read capability without any declared permission boundary. Undeclared file access is risky because it can pull in local content unrelated to the user's request, including sensitive workspace files, and the absence of an explicit permission model reduces user awareness and reviewability.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: There is a significant description-behavior mismatch: the skill claims to generate polished business articles, but analysis suggests additional packaging behavior and reliance on local browser binaries for PDF rendering. This is dangerous because users may consent to a benign-seeming content task while the skill performs unexpected local operations, increasing the chance of unauthorized packaging, execution path abuse, or data exposure through auxiliary tooling.

Missing User Warnings

Medium
Confidence: 90%
Finding: The MRD explicitly describes a flow that creates or updates a GitHub repository and automatically deploys to GitHub Pages, but it does not mention any requirement for explicit user confirmation, scoping, or safeguards before publishing externally. In an agent skill, automatic external publication can expose sensitive drafts, overwrite repository contents, or cause unintended public release, making this a real security-relevant design issue even though it appears product-driven rather than malicious.

Missing User Warnings

Medium
Confidence: 95%
Finding: The README explicitly states that the skill will create a GitHub repository, enable GitHub Pages, and return a shareable URL, but it does not warn users that their generated content may be published externally and become publicly accessible. In a content-generation skill aimed at founders and investors—who may include confidential strategy, market analysis, or proprietary business information—this omission creates a real risk of unintended data disclosure.

Missing User Warnings

Medium
Confidence: 90%
Finding: The skill describes optional GitHub repository creation and GitHub Pages publishing without a prominent warning that content may be made public externally. This is dangerous because users may unintentionally publish proprietary business analysis, internal strategy, or personal data to a public repository or website, creating immediate confidentiality and reputational risk.

VirusTotal

64/64 vendors flagged this skill as clean.