Tool Finder

Security checks across malware telemetry and agentic risk

Overview

Tool Finder appears to be a legitimate tool-search helper, but it also encourages broad automatic invocation and can install skills non-interactively, so users should review it before installing.

Install only if you want this skill to become a default marketplace search workflow. Before using install commands, confirm the exact package name and source, avoid adding the suggested AGENTS.md rules unless you want persistent automatic behavior, and prefer manual review or an interactive install flow for third-party skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch
Severity: Medium
Confidence: 95%
Finding: The skill is described as a search/discovery engine, but it also exposes an install path that runs a package installation command. In an agent setting, that mismatch is security-relevant because a caller expecting read-only discovery may trigger state-changing behavior that fetches and installs untrusted third-party code.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The guide instructs the agent/user to run installation commands that modify the local environment without an explicit warning, confirmation step, or discussion of risks. In this skill's context that is more concerning because the document also pushes automatic use of the tool-finder workflow, increasing the chance that agents execute install actions reflexively rather than treating them as sensitive operations.

Vague Triggers
Severity: High
Confidence: 95%
Finding: The skill instructs the agent to auto-trigger on very common phrases such as finding tools, installing skills, or mentioning marketplaces, which can cause unintended invocation in ordinary conversations. In an agent environment, overbroad activation increases the chance of unnecessary external commands, network access, and follow-on install actions without sufficiently explicit user intent.

Vague Triggers
Severity: High
Confidence: 96%
Finding: The trigger table uses ambiguous keywords such as 'ClawHub', 'Smithery', '推荐工具', and installation-related phrases that may appear in benign discussion, causing the skill to run when the user may only be asking a conceptual question. Because the skill is designed to execute searches and potentially lead into installation workflows, weak scope constraints materially increase the risk of unintended actions.

Vague Triggers
Severity: High
Confidence: 97%
Finding: The instruction to 'immediately call tool-finder' on seeing listed keywords removes normal safety checks around user intent and proportionality. In practice this can make the agent perform external lookups too eagerly and normalize automatic tool execution, which is unsafe in environments where network access or command execution should be deliberate.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The trigger guidance maps installation-related user phrases directly to an install command, but does not require a user-facing warning that the environment will be modified. That creates a risk of the agent making system changes with insufficient transparency, especially when the request is casual or ambiguous.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding: The examples normalize immediate installation execution after a brief user request and omit a safety notice about modifying the environment. Example-driven agent behavior can strongly influence downstream implementations, so this pattern can lead to unsafe default behavior in real use.

Missing User Warnings
Severity: Medium
Confidence: 98%
Finding: The script performs a non-interactive install with `npx clawhub@latest install "$name" --no-input`, which suppresses confirmation and can change the local environment immediately. In an agent workflow this is dangerous because a natural-language request like 'install skill' could cause automatic execution of a remote package installation without a clear, separate safety checkpoint.

VirusTotal

66/66 vendors flagged this skill as clean.