Platform Script Skills

Security checks across malware telemetry and agentic risk

Overview

This template-only skill includes examples that could reset many user passwords and mishandle sensitive email data, so it needs careful review before installation.

Install only after reviewing and editing the reference templates. Remove the bulk password-read/reset example, add explicit authorization and confirmation requirements for account or data mutations, use least-privilege platform credentials, test in a non-production environment, and avoid logging passwords, full recipient lists, or message bodies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: High (99% confidence)
Finding
The listener script example enumerates account records, prints original passwords, and resets nearly all user passwords to a hardcoded value. In a script-template skill, this normalizes credential tampering as an example and provides a ready-made mass account takeover pattern, which is highly dangerous even if presented as a template.

Context-Inappropriate Capability

Severity: High (99% confidence)
Finding
This template exposes both bulk access to account records and direct password overwrite operations, allowing an operator to reset many accounts except a couple of excluded usernames. Because the skill is marketed as general script templates and coding norms, including this capability materially lowers the barrier to misuse and insider abuse.

Intent-Code Divergence

Severity: Medium (94% confidence)
Finding
The batch email function logs that non-production environments skip actual sending, but the code path does not call sendNotification in either branch and still prints success-style messages. This mismatch can mislead operators and reviewers about whether mail is actually suppressed or delivered, creating a dangerous gap in environment controls and in the assumptions made during testing.

VirusTotal

65/65 vendors flagged this skill as clean.