Disinto Factory

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed operations helper for a specific autonomous code factory, with sensitive but purpose-aligned repo and CI access.

Install only in the intended Disinto repository environment. Use repo-scoped and CI-scoped tokens, verify FORGE_API and WOODPECKER_SERVER before running helpers, review issue title/body/labels before posting, and avoid using crafted --date values until read-journal.sh validates dates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 83%
Finding: The skill exposes shell execution capability through documented use of `bash`, `curl`, `jq`, and `git`, but there is no explicit permission/safety boundary describing when command execution is allowed or what resources may be accessed. In an agent setting, undeclared execution capability can cause users or orchestrators to invoke the skill with broader trust than warranted, increasing the risk of unintended local command execution and access to sensitive environment variables or repository state.

Vague Triggers

Medium
Confidence: 80%
Finding: The description says to use the skill for broadly 'operating' the factory, managing agents, filing issues, reading journals, querying CI, checking dependencies, and inspecting health, without clear trigger boundaries or limits on destructive versus read-only actions. This broad invocation language makes accidental overuse more likely and can cause an agent to select this skill in contexts involving secrets, shell access, or network/API operations that the user did not clearly intend.

Missing User Warnings

Medium
Confidence: 92%
Finding: The documentation includes a direct `curl` example that sends a bearer token to an external CI service, but it does not warn that this transmits credentials over the network or advise users to validate the endpoint and avoid leaking tokens in logs, terminals, or recordings. In a skill intended for autonomous operations, such examples can normalize unsafe handling of high-value API credentials and increase the chance of credential exposure or unintended data disclosure.

VirusTotal

56/56 vendors flagged this skill as clean.
