Quasi Coder

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only coding helper, but it gives agents broad permission to turn shorthand into command execution, network fetches, and file writes without enough explicit confirmation controls.

Install only if you intentionally want an agent to interpret shorthand as real actions, not just code suggestions. Use explicit target files and markers, inspect diffs, and require separate confirmation before command execution, network fetches, generated files, or writes outside the intended edit area.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Medium, 94% confidence
The skill’s stated role is code interpretation within explicit file boundaries, but it additionally authorizes operational actions like running commands, fetching data, and generating graphics. That scope expansion is dangerous because it can turn ambiguous shorthand into side-effecting behavior with filesystem, network, or execution impact without a clear, explicit user confirmation step.

Context-Inappropriate Capability

Medium, 92% confidence
Granting command execution, data fetching, and graphics generation capabilities is not well-justified by a shorthand-to-code skill and violates least privilege. In practice, this broadens the attack surface for prompt injection or ambiguous requests to cause unintended external actions beyond safe code translation.

Description-Behavior Mismatch

Medium, 96% confidence
The troubleshooting section explicitly instructs the skill to execute non-code actions such as running commands, creating files, and fetching data. This is dangerous because it normalizes action-taking from shorthand requests without ensuring authorization, safety review, or user awareness of system and network side effects.

Context-Inappropriate Capability

Medium, 91% confidence
The advanced example legitimizes fetching data from an API and writing it to a file as part of shorthand interpretation. Even if intended as a convenience example, it encourages network and file side effects from natural-language input, which can be abused to exfiltrate data, overwrite files, or make unintended external requests.

Vague Triggers

Medium, 90% confidence
The trigger model is overly broad: generic terms like 'shorthand' and activation based on merely 'clear intent' make invocation boundaries ambiguous. This increases the risk that unrelated user content or embedded instructions are treated as authoritative shorthand, leading to unintended edits or actions.

Missing User Warnings

Medium, 95% confidence
The skill permits commands, file creation, network fetches, and saving responses without any explicit warning or confirmation about system, network, or file-modifying effects. In a prompt-injection context, this combination of side-effecting actions and missing consent guardrails materially raises the risk of unauthorized environment changes or data movement.

VirusTotal

64/64 vendors flagged this skill as clean.
