Developer Utils

Security checks across malware telemetry and agentic risk

Overview

This is mostly a normal developer-tools skill, but some examples can automatically install software on the user's machine during routine utility tasks.

Review commands before allowing an agent to run them. Do not execute the QR or ASCII examples unchanged unless you are comfortable with Homebrew installing qrencode, zbar, or figlet; replace placeholder tokens and passwords with non-sensitive test values, and avoid using the network examples with private hosts, real bearer tokens, or confidential data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The QR code example goes beyond passive data transformation and performs host modification by invoking Homebrew to install software automatically. In an agent skill context, this creates unnecessary system-change capability and increases risk of unreviewed package installation, especially if triggered without explicit user consent.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The QR reader example automatically installs zbar through Homebrew, which modifies the local machine despite the stated purpose being QR decoding. Skills should not silently expand their privileges or alter the host environment just to satisfy a utility task.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The ASCII art example auto-installs figlet, introducing package-management side effects unrelated to the core transformation task. In a skill execution environment, automatic dependency installation can be abused to change the host state or pull in unexpected software.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill advertises network tools such as IP lookup, HTTP test, and port check without clearly warning that user-supplied data may be transmitted to external services. In an agent setting, this can lead to unintended disclosure of internal URLs, tokens, IPs, or other sensitive material.

Missing User Warnings

Medium
Confidence: 92%
Finding
These examples perform package installation and create outputs without an upfront safety warning or explicit approval step. Hidden host modifications are risky in a skill because users may expect a simple conversion utility, not software installation or filesystem side effects.

VirusTotal

66/66 vendors flagged this skill as clean.
