Claude Installer

Security checks across malware telemetry and agentic risk

Overview

This installer skill has a coherent purpose, but it would make persistent package-source and tooling changes without enough scoping or user control.

Review before installing. Only use this if you are comfortable with global package installs and a persistent npm registry change to a third-party mirror. Prefer asking the agent to use official upstream sources, confirm before installing prerequisites, avoid changing global npm config, and verify the cc-switch source before entering any API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill states that missing prerequisites will be automatically installed, which modifies the host system, but it does not clearly warn the user or require explicit confirmation before doing so. In an agent context, silent package installation increases the risk of unintended system changes, supply-chain exposure, and user surprise, especially because the downloads are said to come from mirror sources rather than the default vendor channels.

Missing User Warnings

Medium
Confidence: 95%
Finding
The npm registry change is a persistent configuration modification that affects future package installs beyond this skill, yet the instructions do not warn the user about that lasting effect. This is dangerous because it can silently redirect package resolution to a third-party mirror for unrelated workflows, expanding supply-chain risk and making later behavior harder to audit.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The skill describes use of Tsinghua mirror sources by default for missing tool installation without presenting alternatives or region-based justification. Forcing a region-specific mirror in a general installation skill is risky because it changes trust boundaries and may route users to infrastructure they did not choose, which is especially sensitive for developer tooling installation.

Natural-Language Policy Violations

Medium
Confidence: 96%
Finding
The instruction to set the npm registry to https://registry.npmmirror.com/ unconditionally imposes a China-specific package source without opt-in or alternatives. In a skill that installs global CLI tooling, this increases supply-chain and integrity risk because all subsequent npm operations may use a non-default registry selected by the skill rather than by the user.

VirusTotal

VirusTotal findings are pending for this skill version.
