Skill Index

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but its hook installer can persistently change repository behavior and overwrite existing Git hooks without safeguards.

Running register.sh manually is the lower-risk path because it only regenerates skills/INDEX.md. Before running install-hooks.sh, inspect any existing .git/hooks/pre-commit and .git/hooks/post-merge files and preserve or merge them manually; otherwise this skill may replace existing checks and continue modifying the index during future Git operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding
The skill advertises and instructs use of shell scripts (`register.sh`, `install-hooks.sh`) but does not declare any permissions or clearly surface that it performs shell-capable operations. This creates a transparency and consent problem: an agent or user may invoke a skill with filesystem and git-hook side effects without an explicit permission boundary, increasing the chance of unintended code execution or repository modification.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger phrases are broad (`scan skills`, `update index`, `manage skill list`, `skill inventory`) and can match normal administrative or conversational requests that were not intended to invoke this skill. Because the skill performs shell-backed scanning and can lead to persistent hook installation, ambiguous invocation increases the risk of unintended execution and repository changes.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation says git hooks keep the index fresh on every commit and pull, but it does not prominently warn that installing hooks introduces automatic code execution and file modification during future repository operations. Persistent hooks materially expand impact because they continue running after initial setup, potentially surprising users, altering commits, or becoming a foothold for later abuse if the scripts are changed.

VirusTotal

64/64 vendors flagged this skill as clean.
