Command Flow

Security checks across malware telemetry and agentic risk

Overview

This looks like a real command dashboard, but it marks powerful admin commands as safe and uses broad triggers that could surface command actions too casually.

Review before installing. Use it as a command reference, but do not rely on green SAFE labels for admin, token, message, scheduler, gateway, plugin, reset, memory, session, update, or uninstall commands. Treat command buttons and natural-language shortcuts as potentially powerful and require deliberate user confirmation before running anything that changes local or account state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium, 92% confidence
Finding
The file documents `getAllCommands()` as excluding hidden commands by default, but other exported helpers such as `searchCommands()` and `getCommandBySlug()` call `getAllCommands(true)`, which includes hidden entries. This creates an access-control-by-obscurity flaw: supposedly hidden/destructive commands can still be discovered or resolved programmatically, increasing the chance of accidental exposure or invocation by other components.

Vague Triggers

Medium, 89% confidence
Finding
The trigger list is unusually broad and includes generic phrases like “所有命令” ("all commands"), punctuation-like patterns such as “//”, and common navigation terms like “下一页/上一页” ("next page/previous page"). This can cause accidental invocation in normal conversation or while interacting with other skills, increasing the chance that the skill intercepts requests the user did not intend for it to handle.

Vague Triggers

Medium, 83% confidence
Finding
The documentation explicitly encourages users to activate the skill through vague natural-language phrases such as “说中文就懂” ("just speak Chinese and it understands") and multiple loosely bounded utterances. Without strong routing boundaries, this raises the risk of unintended activation or command discovery behavior being triggered from ordinary conversation rather than deliberate user intent.

VirusTotal

64/64 vendors flagged this skill as clean.
