ClawHub Retry & Fallback

Security checks across malware telemetry and agentic risk

Overview

This is a coherent retry, fallback, degradation, and audit-logging helper, but users should scope retries, fallback tools, and log exports carefully.

Install only if you are comfortable with a helper that can repeat operations, switch to registered backup functions, and write audit records locally. Use it for idempotent or deduplicated operations, register only trusted fallback tools, enable confirmation for side-effecting backups, keep logs in a protected directory, avoid logging secrets, and pin dependencies in production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (11)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill advertises capabilities that imply file access, file writing, and network use, but it does not declare permissions or boundaries for those operations. In an agent environment, undeclared capabilities reduce transparency and can lead to unexpected data access or exfiltration when the skill is invoked.

Context-Inappropriate Capability

Severity: Medium
Confidence: 82%
Finding: save_config accepts an arbitrary filepath and writes YAML to that location after creating parent directories, with no path restriction or validation. If untrusted input can reach this method, it could overwrite files accessible to the process, causing configuration tampering, data loss, or unsafe persistence outside the skill's intended scope.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The README explicitly demonstrates querying and exporting audit logs, including broad retrieval and full-task reporting, without any warning about sensitive contents, access control, redaction, or least-privilege handling. In a retry/fallback/audit skill, logs are likely to contain exception messages, tool names, parameters, task IDs, and potentially user-supplied data, so normalizing unrestricted export behavior in documentation can lead to privacy leakage and over-collection in downstream implementations.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The example shows automatic retry of an HTTP request without warning about duplicate transmissions, non-idempotent operations, rate limits, or unintended side effects. Even if the sample uses GET, the skill is framed as a general retry mechanism, so users may apply it to state-changing requests and accidentally trigger repeated actions or data disclosure.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The logger persistently writes detailed operational and error data, including task IDs and exception messages, to disk in cleartext JSONL without any sanitization, minimization, access-control handling, or retention policy. In an agent skill handling failures and fallbacks, exception messages and task metadata can contain sensitive prompts, tokens, paths, or business data, so log disclosure becomes a practical confidentiality risk.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The export functions copy accumulated audit data, including detailed error and workflow information, to arbitrary caller-specified file paths and formats with no sensitivity checks, redaction, or destination restrictions. In this skill context, audit exports can spread sensitive failure data more broadly than the original logs, increasing the chance of accidental disclosure through insecure locations, shared files, or downstream processing.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: `execute_with_fallback` will automatically invoke backup tools after a primary tool failure, and confirmation is only required when each backup entry explicitly sets `requires_confirmation=True` and a callback is provided. In an agent/tooling context, fallback tools may have different side effects, permissions, data handling, or external destinations, so silent substitution can cause unintended actions or data disclosure without user awareness.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
retry>=0.9.1
pyyaml>=6.0
python-json-logger>=2.0.0
Confidence: 96%
Finding: retry>=0.9.1

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
retry>=0.9.1
pyyaml>=6.0
python-json-logger>=2.0.0
Confidence: 99%
Finding: pyyaml>=6.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
retry>=0.9.1
pyyaml>=6.0
python-json-logger>=2.0.0
Confidence: 95%
Finding: python-json-logger>=2.0.0

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Severity: Critical
Category: Supply Chain
Confidence: 98%
Finding: pyyaml

VirusTotal

66/66 vendors flagged this skill as clean.
