File Browser Operator

Security checks across malware telemetry and agentic risk

Overview

This FileBrowser skill is transparent documentation, but it gives an agent broad file, sharing, deletion, and admin-capable API authority with some scope and confirmation gaps.

Install only if you intend an agent to operate your FileBrowser account. Use a least-privilege FileBrowser user, set a narrow scope, avoid admin credentials unless account management is intentional, review exact file lists before organizing or deleting, and prefer short-lived share links that you revoke after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The example commands at the end of the skill operate on root-level paths such as `path=/`, `hello.txt`, and `/api/raw/hello.txt`, which directly contradict the earlier requirement that all operations must remain under a configured `scope`. In practice, users or agents often copy examples verbatim, so this inconsistency can cause out-of-scope reads and writes despite the documented restriction.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The reference expands the skill’s usable surface beyond the stated file-browsing and scoped organization workflow by documenting global settings and full user-management endpoints. Even if presented as reference material, this can enable an agent or integrator to invoke admin-capable actions unrelated to the declared purpose, increasing the risk of account takeover, privilege changes, or broad instance modification.

Intent-Code Divergence

High
Confidence: 95%
Finding
The document claims all paths must remain within configured scope, but it also documents endpoints such as user management, sharing, and settings that are not path-scoped at all. This mismatch is dangerous because it creates a false sense of containment while still exposing instructions for global administrative actions that can affect the entire FileBrowser instance.

VirusTotal

65/65 vendors flagged this skill as clean.
