Code Analysis Skills 1.0.6

Security checks across malware telemetry and agentic risk

Overview

This skill runs locally, but it ranks and labels individual developers from Git history, so it needs careful review before installation.

Install or run this only on repositories you are authorized to analyze, with informed consent from affected developers. Prefer aggregate or self-review use, set an explicit repo path, author list, and date range, avoid broad recursive scans unless necessary, and do not use the grades, leaderboards, or slacking labels for HR, compensation, discipline, or public shaming. Store generated reports carefully because they may contain personal work-pattern data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to read repositories, execute Python CLI commands, and write reports, which implies file_read, shell, and file_write capabilities, yet no permissions are declared in the manifest. This creates a trust gap where the runtime may expose powerful actions without transparent user consent or policy review, increasing the chance of unauthorized repository access, command execution, or report writes to unintended paths.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The README presents a contradictory trust and safety posture: it says the tool is not for performance evaluation, but elsewhere explicitly advertises developer scoring, grading, rankings, and a 'slacking index'. That inconsistency can mislead users, normalize prohibited employee monitoring uses, and undermine informed consent and policy compliance around people-data processing.

Intent-Code Divergence

Low
Confidence
82% confidence
Finding
The privacy statement says the tool runs completely locally and does not transmit data externally, but the README also references use as a hosted skill/plugin on an external platform without clearly distinguishing deployment modes. This can create a false sense of privacy and lead users to expose repository-derived personal activity data under incorrect assumptions about where processing occurs.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad enough to activate on ordinary requests about teammates' productivity or work habits without clearly restricting use to authorized repository analysis. In a conversational agent context, this increases the chance of analyzing personnel-related behavioral data in inappropriate or insufficiently consented situations.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
The README headline and framing explicitly encourage exposing 'slacking' coworkers, which steers the skill toward employee surveillance and stigmatizing inferences from behavioral data. In this skill context, that framing is especially dangerous because the tool analyzes identifiable developer activity and can be used to justify unfair or noncompliant personnel judgments.

Natural-Language Policy Violations

High
Confidence
96% confidence
Finding
The documented features for developer scoring, letter grades, ranking lists, and a 'slacking index' operationalize behavioral telemetry into personnel-style evaluation outputs. Those outputs materially increase the risk of misuse for HR, compensation, discipline, or biased management decisions, despite the README's softer disclaimer elsewhere.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill advertises very broad trigger phrases such as generic repository/code analysis requests, which increases the chance the agent invokes it in contexts where users did not intend sensitive personnel profiling. In this skill's context, unintended invocation is more dangerous because the output includes direct scoring, slacking judgments, and behavioral analysis of named developers.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The introductory description strongly promotes analysis and scoring of developers but does not place a prominent up-front warning that the skill profiles individuals using sensitive behavioral metadata like working hours, weekend activity, and 'slacking index'. That omission can lead users to initiate intrusive analysis without understanding the privacy, employment, and consent implications.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The skill explicitly frames its purpose around judging developers' 'slacking behaviors' and assigning a 'slacking index,' which introduces stigmatizing and potentially unfair personnel profiling without any stated safeguards, validation criteria, or consent boundaries. In this context, the skill is more dangerous because it is designed for workplace-style evaluation and could be used to make reputational or employment decisions from incomplete or misleading repository signals.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The analyzer assigns derogatory or humiliating labels such as 'Professional Slacker' and Chinese pejorative equivalents to identified developers without any consent, opt-in, or contextual safeguards. In this skill's context—explicitly marketed for developer evaluation, slacking detection, and work-habit analysis—this creates a real harm vector by enabling targeted shaming, unfair profiling, and potentially discriminatory workplace use at scale.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This analyzer profiles individual developers' working-hour habits, weekend activity, late-night behavior, and streaks at per-author granularity without any indication of consent, notice, minimization, or safeguards. In this skill's context, the feature is explicitly used for developer evaluation and 'slacking' analysis, which increases the risk of privacy-invasive monitoring, unfair employment decisions, and misuse of behavioral telemetry.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
This evaluator intentionally generates demeaning and pejorative assessments such as 'lazy', 'mediocre', 'serious concerns', and 'wake-up call' for identified individuals. In an HR-like developer evaluation context, that language creates organizational risk because it can enable harassment, biased performance judgments, and policy-violating communications that may be surfaced directly to users or managers.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```
💬 "Analiza la eficiencia de desarrollo de Alice en este repositorio"
💬 "Muéstrame los hábitos de trabajo del equipo"
💬 "Compara la calidad del código de Alice y Bob"
💬 "¿Cuál es el índice de holgazanería de este proyecto?"
💬 "Genera un informe de evaluación completo de los desarrolladores"
```
Confidence
86% confidence
Finding
del equipo" 💬 "Compara la calidad del código de Alice y Bob" 💬 "¿Cuál es el índice de holgazanería de este proyecto?" 💬 "Genera un informe de evaluación completo de los desarrolladores" ``` ### 🇫🇷 Fr

VirusTotal

67/67 vendors flagged this skill as clean.