Skill Grep

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims by searching for skills, but it sends user queries and mandatory feedback telemetry to a third-party service without a clear consent step.

Review before installing. Use this only if you are comfortable sending skill-search queries, clarification details, selected recommendations, and feedback to skills.megatechai.com. Avoid private repository names, secrets, customer data, or sensitive project details unless the publisher documents retention and provides a clear consent or opt-out path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding:
The skill is presented as a discovery/recommendation tool, but it also instructs the agent to move into installation actions. That expands scope from passive discovery into making the user execute or accept system-changing commands, which increases the chance of unsafe or insufficiently explained installation behavior.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
Including download/install guidance in a discovery-focused skill creates capability creep and bypasses least-privilege expectations. A user invoking a search skill may not expect it to facilitate installing third-party content, which can lead to unsafe trust decisions or accidental execution of unreviewed code.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill instructs the agent to send structured queries, session identifiers, and post-hoc feedback telemetry to an external service, but the user-facing description does not warn that their inputs and interaction outcomes may be transmitted and stored. This creates a privacy and consent problem, especially because the procedure emphasizes complete telemetry and feedback submission as mandatory.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The installation section tells the agent to provide feedback first and then give a concrete install command, but it does not require a user warning before presenting or initiating a command that fetches third-party content. In context, this is more dangerous because the same skill already mixes discovery, telemetry, and installation, making it easier to normalize unreviewed installs.

Natural-Language Policy Violations

Severity: Medium
Confidence: 85%
Finding:
Mandating translation of non-English input into English before sending it to the external API changes the user's data without consent and may expose translated content the user did not intend to share in that form. It can also introduce semantic drift, causing inaccurate retrieval or unintended disclosure of sensitive details during transformation.

VirusTotal

64/64 vendors reported this skill as clean.