Skill Grep

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate skill-search tool, but it sends user queries and feedback to a backend and can move from recommendations into installation guidance without strong consent boundaries.

Review this skill before installing if your skill-search prompts may contain private project details. Use it only if you are comfortable with queries, session metadata, and feedback being sent to its backend, and treat any install guidance as a separate action that should require explicit confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium, 91% confidence
Finding
The skill is described as a discovery/recommendation tool, but it also instructs the agent to facilitate installation of recommended skills. That expands its authority from advisory actions into effectful system changes, which can surprise users and create a confused-deputy risk if the agent proceeds from recommendation directly to installation without a separate purpose boundary and explicit consent.

Context-Inappropriate Capability

Medium, 89% confidence
Finding
Including installation instructions in a discovery-focused skill violates least privilege and broadens the operational scope beyond what users would reasonably expect from the description. Even if the install step is only instructional, it can still drive users toward executing commands they did not originally ask the skill to perform, increasing the chance of unintended changes or unsafe package acquisition.

Missing User Warnings

Medium, 97% confidence
Finding
The skill instructs the agent to send user queries and recommendation-cycle telemetry to remote endpoints, but it does not require a clear user-facing notice at the time of collection. This creates a privacy and transparency problem because users may disclose sensitive task details without realizing their content and interaction signals are being transmitted and stored externally.

Natural-Language Policy Violations

Medium, 88% confidence
Finding
Mandating translation of non-English input into English before sending payload text changes user content without choice and may expose additional semantic detail to the backend. It also removes user control over how their text is processed and can introduce mistranslation risks that affect both privacy and recommendation accuracy.

Ssd 3

Medium, 95% confidence
Finding
The skill explicitly requires retaining the user's original query and sending it to backend services, including non-English text. Original free-form queries often contain sensitive natural-language context, so transmitting them verbatim increases the risk of privacy leakage, logging exposure, and downstream misuse beyond what is necessary for search quality.

Ssd 3

Medium, 98% confidence
Finding
The skill mandates telemetry and feedback submission for each recommendation cycle and after final verdict, which instructs the agent to disclose user interaction data regardless of user preference. Because this is framed as mandatory rather than optional, it creates a systematic privacy risk and pressures the agent to prioritize data collection over user autonomy.

Ssd 3

Medium, 97% confidence
Finding
The installation flow says to provide feedback before fulfilling the user's download request, explicitly prioritizing telemetry submission over the requested action. This is dangerous because it couples service delivery to disclosure of user interaction data and normalizes sending behavioral data as a prerequisite for completing a task.
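The findings above describe two distinct failures of the same boundary: an advisory skill that slides into an effectful install step, and a skill whose instructions make transmitting the raw query and interaction telemetry mandatory (and even a precondition for the install). The following added example, which is not code from the Skill Grep skill or from the SkillSpector report, shows the kind of host-side gate the overview recommends: effect classes for each agent action, egress refused unless the user opted in and redacted when allowed, and installation requiring its own confirmation regardless of what the skill tells the agent to do. The action names, the three-step plan, and the sample query are constructed for illustration.

```python
"""Consent and egress gate for a skill-recommendation agent.

Added example, not code from the Skill Grep skill or the SkillSpector report.
It models the two risks the findings describe: a discovery skill sliding from
recommendation into installation without a separate consent step, and
mandatory transmission of raw queries and interaction telemetry to a backend.
Action names, the plan, and the sample query are constructed for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum
import re


class Effect(Enum):
    ADVISORY = "advisory"        # read-only: search, rank, explain
    NETWORK_EGRESS = "egress"    # sends user-derived data off-host
    SYSTEM_CHANGE = "install"    # installs, writes files, runs commands


@dataclass
class Action:
    name: str
    effect: Effect
    payload: dict = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    reason: str
    payload: dict            # what actually leaves the host or gets executed


# Coarse redaction applied to any text before it may leave the host.
SECRET_RE = re.compile(r"(?i)(api[_-]?key|token|password|secret)\s*[:=]\s*\S+")
PATH_RE = re.compile(r"(?:/[\w.-]+){2,}")


def redact(text: str) -> str:
    """Strip obvious credentials and filesystem paths from free-form query text."""
    text = SECRET_RE.sub("[REDACTED_SECRET]", text)
    return PATH_RE.sub("[REDACTED_PATH]", text)


def gate(action: Action, confirmed: bool = False, telemetry_opt_in: bool = False) -> Decision:
    """Decide whether the agent may perform one action.

    Advisory actions fall inside the purpose the user granted by enabling a
    discovery skill. Egress is refused unless the user opted in, and even then
    the payload is redacted. System changes need a fresh, explicit confirmation
    no matter what the skill's own instructions say.
    """
    if action.effect is Effect.ADVISORY:
        return Decision(True, "advisory action within granted purpose", action.payload)
    if action.effect is Effect.NETWORK_EGRESS:
        if not telemetry_opt_in:
            return Decision(False, "telemetry/feedback not opted in; nothing sent", {})
        safe = {k: redact(v) if isinstance(v, str) else v for k, v in action.payload.items()}
        return Decision(True, "egress permitted with redacted payload", safe)
    if action.effect is Effect.SYSTEM_CHANGE:
        if not confirmed:
            return Decision(False, "install requires explicit per-action confirmation", {})
        return Decision(True, "install confirmed by user", action.payload)
    return Decision(False, "unknown effect class", {})


def run_plan(plan, confirmed=frozenset(), telemetry_opt_in=False):
    """Evaluate a skill-authored action sequence one action at a time.

    Decisions are independent: a refused feedback submission never blocks an
    install the user confirmed, so a skill cannot make disclosure of
    interaction data a prerequisite for completing the requested task.
    """
    return [gate(a, confirmed=a.name in confirmed, telemetry_opt_in=telemetry_opt_in)
            for a in plan]


# Constructed sample: a query containing a private path and a credential, and
# the kind of plan a skill like the one reviewed above would instruct the agent
# to run (search, then feedback to the backend, then install).
SAMPLE_QUERY = "find a skill for deploying /home/alice/projects/acme-internal with API_KEY=sk-live-123"
SKILL_PLAN = [
    Action("search", Effect.ADVISORY, {"query": SAMPLE_QUERY}),
    Action("send_feedback", Effect.NETWORK_EGRESS, {"query": SAMPLE_QUERY, "verdict": "accepted"}),
    Action("install", Effect.SYSTEM_CHANGE, {"package": "recommended-skill"}),
]

if __name__ == "__main__":
    for a, d in zip(SKILL_PLAN, run_plan(SKILL_PLAN, confirmed={"install"})):
        print(f"{a.name:14} allowed={d.allowed!s:5} {d.reason} {d.payload}")
```

Run stand-alone, the plan yields search allowed, feedback refused (no opt-in), install allowed only because it was named in `confirmed`; with opt-in the feedback payload leaves with the path and key replaced by placeholders. The redaction patterns are deliberately coarse: the point of the gate is the ordering and independence of decisions, and a real deployment would pair it with a proper secret scanner.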

VirusTotal

65/65 vendors flagged this skill as clean.
