Windows Terminal Control

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it would let an agent run broad Windows terminal commands while its safety limits are unclear and partly unsupported.

Install only if you intentionally want an agent to use your Windows terminal. Treat it like giving access to your command line: review commands before they run, restrict use to trusted project folders, and be especially careful with installs, commits, migrations, network commands, and background processes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill documentation makes conflicting security claims: it says dangerous patterns are blocked and inputs are sanitized, while also admitting the skill trusts command input and can run arbitrary CLI commands. This can mislead users or upstream agents into believing strong safeguards exist when in reality the capability is effectively arbitrary command execution with user privileges.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The file claims both that the skill can operate in any directory the user can access and that it cannot access files outside the workspace. These contradictory statements can cause an agent or user to overtrust boundary protections that do not actually exist, leading to unintended access or modification of sensitive files.

Vague Triggers

Medium
Confidence: 86%
Finding
The invocation guidance is extremely broad, covering routine development and command-line workflows, which increases the chance that an autonomous agent will select this skill for many ordinary requests. Because the skill enables arbitrary command execution on the host, broad matching expands the attack surface and raises the likelihood of unsafe or unnecessary terminal actions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The examples normalize commands that can modify files, install dependencies, and start services without any warning or confirmation pattern. In an agent setting, examples often shape behavior, so this can encourage execution of state-changing or network-affecting actions without sufficient user awareness.

VirusTotal

61/61 vendors flagged this skill as clean.
