system-file-handler

Security checks across malware telemetry and agentic risk

Overview

This appears to be a filesystem helper whose file access is expected for its purpose, but its delete, move, and write capabilities are not clearly scoped or guarded.

Install only if you trust the publisher and will use it in a constrained workspace. Treat delete, move, and write requests as capable of changing or removing real local files; prefer a sandboxed directory, backups, and explicit confirmation before destructive actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding:
The skill advertises destructive operations such as delete and move without a dedicated warning, confirmation guidance, or scope limitations. In a filesystem skill, this increases the chance of accidental or socially engineered destructive actions, especially because the skill can write, delete, and move arbitrary paths through the backend MCP server.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding:
The manifest advertises write, delete, and move operations but provides no explicit user-facing warning, confirmation requirement, or scope limitation for destructive actions. In a filesystem skill that forwards requests to an external MCP server, this increases the risk of accidental or unauthorized data modification because users and downstream orchestrators may invoke dangerous operations without clear safety context.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding:
The manifest explicitly advertises destructive filesystem capabilities such as writing, deleting, and moving files, but provides no user warning, scope restriction, confirmation requirement, or disclosure of what paths may be affected. In a filesystem skill backed by an external MCP server that performs real IO, this increases the risk of accidental or unauthorized destructive actions against arbitrary files on the host.

Vague Triggers
Severity: Medium
Confidence: 94%
Finding:
The trigger list advertises broad filesystem capabilities including read, write, delete, move, and directory creation, but the manifest provides no scope restrictions such as allowed roots, path validation, or exclusions for sensitive locations. In a skill that proxies requests to an external filesystem server, this can enable destructive or privacy-impacting operations if invoked on arbitrary paths.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding:
The manifest clearly exposes file-modifying and deletion functionality, but it does not warn users that the skill can irreversibly alter or remove data. Without explicit destructive-action disclosure, users or calling agents may invoke it without understanding the consequences, increasing the chance of accidental data loss.

VirusTotal

64/64 vendors flagged this skill as clean.