System Auditor

Security checks across malware telemetry and agentic risk

Overview

This looks like a simple local system checker, but it overstates its security-audit capabilities enough that users should review it carefully before relying on it.

Treat this as a basic local system information and security-configuration checker, not a dependable CVE scanner or compliance tool. Do not use its CVE or patched/not-patched output for security decisions without independent verification from vendor advisories and proper vulnerability tooling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises broad system auditing functions that inherently require shell execution and access to sensitive host state, but it declares no explicit permissions or safety boundaries. This can cause the platform or user to authorize and run host-level commands without clear disclosure, increasing the risk of unintended system inspection or misuse.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill metadata and help text materially overstate the security capabilities of the tool, claiming comprehensive CVE scanning, CIS compliance, network exposure analysis, and benchmarks that are not actually implemented. This can mislead operators into relying on incomplete results and missing real security issues, which is dangerous in a security-auditing context.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The CVE logic presents a definitive vulnerability assessment based only on whether an xfrm-related module count is greater than zero, and even labels the negative case as 'patched'. In a security audit tool, this is highly misleading and can produce false assurance about patch status or exploitability, causing users to ignore real exposure.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill encourages comprehensive auditing and report generation without warning that it may enumerate services, inspect security configuration, and collect sensitive system details. Users may run it without understanding privacy, operational, or data-handling implications, which is especially risky for enterprise environments and generated reports.

VirusTotal

63/63 vendors flagged this skill as clean.
