ClawHub

LMP Label Generator

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent for generating label files locally, with an optional disclosed cloud preview that sends label content only when the user configures an endpoint.

Safe to install for local label generation if you are comfortable with files being saved to Downloads. Leave apiEndpoint empty for local-only use. If you enable cloud preview, use only a trusted HTTPS endpoint and avoid sending labels that contain sensitive names, addresses, product details, or private barcodes. Ignore the stale API-key documentation unless a future version explicitly declares an API-key configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The screenshot guidance references opening generated labels via openUrl, seeing 'OC push' results in 'My Labels', and showing an apiKey configuration example, which expands the apparent data-sharing and remote-service behavior beyond the stated metadata claim that cloud preview only occurs when config.apiEndpoint is explicitly set. This kind of documentation inconsistency can mislead reviewers and users about where label data is sent and what credentials are needed, increasing the risk of unintentional external transmission or concealed integration with a remote service.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The README explicitly mentions an apiKey configuration example, which contradicts the declared external configuration model centered on config.apiEndpoint. A mismatch about whether credentials are required, and for what service, is security-relevant because it can hide outbound integrations, encourage unsafe secret handling, and prevent users from giving informed consent about external data access.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Overly broad triggers like 'create label' and similar generic phrases increase the chance that the skill activates during unrelated conversations, causing unintended file creation and possibly HTTP requests if apiEndpoint is configured. Because this skill can write local files and optionally transmit label contents to a remote endpoint, accidental activation has meaningful privacy and integrity implications.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The Chinese trigger set contains broad everyday phrases like '生成标签' and '设计标签', which can easily match benign conversation and invoke the skill unexpectedly. In this skill context, false activation is more dangerous because execution includes filesystem writes and may send user-provided label content to a configured external preview service.

Vague Triggers

High
Confidence
96% confidence
Finding
Single-word compliance triggers such as 'FDA', '合规', or 'EU label' are highly ambiguous and can match many ordinary regulatory questions, causing the skill to activate outside the user's intent. Given that the skill may create artifacts and can exfiltrate sensitive label content to a configured endpoint, this broad activation surface materially raises the risk of unintended processing and privacy exposure.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal