ClawHub

TypeScript Package Manager

Security checks across malware telemetry and agentic risk

Overview

This is a package-management guidance skill with risky commands to review, but the artifacts disclose those risks and do not show hidden execution or malicious behavior.

Use this skill as package-manager advice. Before running anything it suggests, inspect any .js.txt helper before renaming it, avoid blindly executing curl-or-PowerShell installer one-liners, confirm the working directory before deletion or clean commands, and review package.json and lockfile diffs before approving changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (14)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The embedded `health-check.sh` is presented as a diagnostic script, but it performs network-dependent package-manager operations such as `npm audit`, `npm outdated`, and on-demand `npx --yes ...` tool execution, which may fetch and execute remote packages. In this skill context, dependency, installer, and helper-script actions are supposed to require explicit user approval and diff review before execution, so bundling these operations into a one-shot health check increases the chance an agent runs mutating or externally sourced commands without the required guardrails.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The markdown includes direct install commands such as bulk `npm install --save-dev ...` recommendations without mentioning the skill’s required approval and diff review controls. In an agent skill, operational examples often become executable guidance, so omission of those guardrails can lead to unreviewed dependency changes and supply-chain exposure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script presents a migration command that pipes a remote installer directly into a shell (`curl ... | bash`, and PowerShell `iex`) without any integrity verification, pinning, or safety warning. Even though it only prints guidance rather than executing it itself, embedding this pattern in a developer helper materially increases the chance users will run a high-risk installation flow that could execute compromised or tampered code.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guide instructs users to pipe a remotely fetched installer directly into a shell (`curl ... | bash` and PowerShell `... | iex`) without any integrity verification, pinning, or warning. This creates a real supply-chain execution risk because any compromise of the host, CDN, DNS, TLS termination, or installer script would immediately result in arbitrary code execution on the user's machine.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The document states that Bun automatically loads `.env` files but does not warn that secrets in those files will be consumed by any executed app or script. In a package-management/runtime workflow, this matters because developers may run untrusted code, tests, or helper scripts that can read and exfiltrate environment-based secrets.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document advertises `bash health-check.sh --fix` as an auto-fix mode even though the script can invoke `knip --fix`, which may modify source files or exports. Without an explicit warning about file changes and required review, an agent could treat this as a safe health check and alter the project unexpectedly.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The workflow explicitly instructs users to execute remotely fetched installer scripts via PowerShell (`iex`) and shell piping (`| sh -`) without any warning, checksum verification, signature validation, or review step. This is dangerous because compromise of the upstream host, network path, or installer content would result in immediate arbitrary code execution on the user's machine.

External Script Fetching

High
Category
Supply Chain
Content
{
      step: 1,
      title: 'Install Bun',
      cmd: 'curl -fsSL https://bun.sh/install | bash   # macOS/Linux\n  powershell -c "irm bun.sh/install.ps1 | iex"  # Windows',
    },
    {
      step: 2,
Confidence
98% confidence
Finding
curl -fsSL https://bun.sh/install | bash

External Script Fetching

High
Category
Supply Chain
Content
} else {
    console.log(`\n  ${c.yellow('⚠️')}  Bun is not installed or not on PATH.`);
    console.log(`\n  Install with:`);
    console.log(`    ${c.cyan('curl -fsSL https://bun.sh/install | bash')}   # macOS/Linux`);
    console.log(`    ${c.cyan('powershell -c "irm bun.sh/install.ps1 | iex"')}  # Windows`);
  }
  console.log();
Confidence
98% confidence
Finding
curl -fsSL https://bun.sh/install | bash

External Script Fetching

High
Category
Supply Chain
Content
### macOS / Linux

```bash
curl -fsSL https://bun.sh/install | bash
```

### Windows (via PowerShell)
Confidence
99% confidence
Finding
curl -fsSL https://bun.sh/install | bash

External Script Fetching

High
Category
Supply Chain
Content
```bash
# Install Bun
curl -fsSL https://bun.sh/install | bash

# Remove node_modules and reinstall with Bun
rm -rf node_modules
Confidence
99% confidence
Finding
curl -fsSL https://bun.sh/install | bash

External Script Fetching

High
Category
Supply Chain
Content
iwr https://get.pnpm.io/install.ps1 -useb | iex

# Using standalone script (macOS/Linux)
curl -fsSL https://get.pnpm.io/install.sh | sh -
```

### Verify Installation
Confidence
99% confidence
Finding
curl -fsSL https://get.pnpm.io/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
### macOS / Linux

```bash
curl -fsSL https://bun.sh/install | bash
```

### Windows (via PowerShell)
Confidence
98% confidence
Finding
| bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# Install Bun
curl -fsSL https://bun.sh/install | bash

# Remove node_modules and reinstall with Bun
rm -rf node_modules
Confidence
98% confidence
Finding
| bash

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal