realtime-interact-overlay

Security checks across malware telemetry and agentic risk

Overview

The skill’s dialog/overlay purpose is coherent, but it has review-worthy safety gaps around browser injection and supposedly hidden sensitive input.

Install only after reviewing the implementation or receiving an update that escapes browser modal content, avoids unsafe innerHTML use, and implements genuinely hidden password entry. Do not use it for passwords, payments, account approvals, or file-deletion confirmations until those issues are fixed and the required local/browser permissions are clearly documented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill documents direct shell execution of local Python scripts for system dialogs and browser modal injection, but declares no permissions. That mismatch can mislead users and the hosting platform about the skill's real capabilities, reducing scrutiny around actions that can affect the local system or active browser session. In this context, the skill is specifically designed to mediate sensitive actions like file deletion and payment confirmation, which makes undeclared shell capability more dangerous than a purely informational skill.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The code advertises a hidden/password mode, but the `hidden=True` branch still uses a normal `display dialog ... default answer ""` flow and does not enable hidden input. In this skill's context, that is especially dangerous because it is explicitly intended for sensitive interactions like payment passwords, so users may disclose secrets believing they are masked when they are actually visible on screen.

VirusTotal

61/61 vendors flagged this skill as clean.
