Architecture Critic

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed architecture-review helper that uses your Anthropic key to send a scoped task and repository snapshot for review, then saves a local verdict file.

Install only if you are comfortable sending task briefs and selected repository metadata to Anthropic using your own API key and accepting the usage cost. Avoid including secrets, customer data, or sensitive incident details in briefs, file names, commit messages, .sacred, or deployment config, and periodically clean up saved verdict files if they contain confidential architecture or security findings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill declares required executables and credentials and explicitly instructs users to run a bash script that consumes an API key, but it does not declare any permissions governing shell execution or environment-variable access. That mismatch weakens least-privilege controls and can let the skill execute commands or access sensitive environment data without clear, reviewable authorization boundaries.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The script's stated behavior implies the critic only receives task and codebase context, but it also reads local credentials from environment/config to call Anthropic. Even if the key itself is not sent in the prompt, this is still a security-relevant external data flow and capability mismatch that can mislead operators about what the skill accesses and does.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding: The script collects repository structure, protected-file listings, deployment config, dependencies, and recent commit history, then later transmits that snapshot to Anthropic. This is an exfiltration channel for potentially sensitive internal metadata, and the skill description does not clearly warn that third-party transfer occurs.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding: The task brief, checklist, and codebase snapshot are embedded into a prompt and sent to an external API without any explicit warning, confirmation, or policy enforcement in the script. In security-sensitive repos, this can leak architecture details, roadmap information, and protected operational context to a third party.

VirusTotal

62/62 vendors flagged this skill as clean.