Back to skill

Security audit

Clawhub Publish Workflow

Security checks across malware telemetry and agentic risk

Overview

This publishing workflow is mostly related to ClawHub skill publishing, but it needs review because it handles API tokens unsafely and its bundled tooling is broader and less consistent than advertised.

Review before installing. Use only a limited ClawHub token, do not store tokens in markdown or workspace files, verify every helper script path before running it, avoid --all unless you intend broad local scanning, and require explicit approval before any login or publish command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs use of shell commands, networked publishing, file access, and token-based authentication, but does not declare permissions. This creates a transparency and consent problem: an agent or reviewer may invoke a workflow with materially broader capabilities than expected, including reading local files and sending data to external services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill claims a complete publishing and security workflow, but the provided content only documents commands and references bundled tools whose behavior is not actually evidenced here; the static finding also indicates undeclared recursive local enumeration behavior not described in the skill. This mismatch is dangerous because users may trust the skill as a bounded publishing aid while it can drive broader local inspection or incomplete security checks under a misleading description.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The file gives concrete instructions for obtaining, storing, and using a ClawHub API token, including an example that places the credential in a markdown memory file, but it does not warn against plaintext storage, accidental publication, shell history leakage, or access control. In a skill explicitly designed for publishing, this increases the chance that users handle long-lived credentials insecurely and expose them through workspace files, version control, or logs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.