Pm Master

Security checks across malware telemetry and agentic risk

Overview

This PM planning skill is coherent, but it routes potentially confidential project material through a remote MCP service with limited privacy and control disclosures.

Before installing, confirm you are comfortable sending project planning inputs to https://mcp.smartmoves.com.cn/pm/mcp, especially confidential requirements, architecture, cost, staffing, or roadmap material. Use it in a controlled workspace, review target paths before document generation, and keep backups of existing planning files that could be overwritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The skill requires connection to a remote MCP endpoint and relies on server-injected protocol state, which can cause sensitive project content to be transmitted to an external service and can delegate workflow control to that service. In a PM skill, this is more dangerous because project plans, PRDs, architecture docs, staffing, cost, and roadmap data are often confidential business information.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill instructs connecting to a remote MCP service without warning that project data may leave the local platform. This is dangerous because users may provide confidential requirement, architecture, budget, and delivery information under the assumption it stays local, creating an avoidable data exfiltration and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill describes generating and writing documents into workspace paths, including overwrite behavior in finalize flows, without warning the user about file creation or replacement. In a planning workspace this can silently alter project artifacts, confuse source-of-truth documents, or destroy prior drafts if names collide.

VirusTotal

56/56 vendors flagged this skill as clean.