Recipe Manager

Security checks across malware telemetry and agentic risk

Overview

This is a local recipe and cost-management skill whose file writes, exports, and deletion functions fit its stated purpose, with some disclosure and usability gaps users should notice.

Install only if you are comfortable storing recipe formulas and cost data in local home-directory files. Before exporting, check where the CSV/XLSX will be written and avoid using this for confidential business recipes unless local file backups, sharing, and permissions are acceptable. The package would benefit from clearer prompts or confirmations for export and delete actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares no required permissions, yet the detected capabilities include file read, file write, and shell access. This creates a dangerous transparency gap: users and reviewers cannot accurately assess the skill’s real execution surface, and file/shell capabilities could be abused to modify local data or execute unintended commands.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented behavior does not fully disclose that the skill can delete recipes, enumerate stored recipes, and persist data to ~/.openclaw_recipes.json. Hidden deletion and persistent storage are security-relevant side effects because users may unknowingly expose sensitive business recipes, lose data, or leave recoverable information on disk.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases are broad everyday terms such as 配方, 原料, and 成本, which can match normal conversation and invoke the skill unintentionally. In a skill that can persist, export, and potentially delete data, accidental invocation increases the risk of unintended file writes, data exposure, or destructive actions without clear user intent.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The markdown advertises exporting recipe data but provides no warning that this causes data to be written out to CSV/Excel or other files. For a commercial recipe database, exports may contain sensitive proprietary formulas and costs, so silent write/export behavior can cause unintentional disclosure or create data remnants on disk.

Missing User Warnings

Medium
Confidence
75% confidence
Finding
The script writes export data to predictable files in the user's home directory without any prompt, disclosure, or caller-controlled destination. In a recipe and cost-management skill, exported files may contain proprietary formulas and pricing data, so silent local persistence can expose sensitive business information to other local users, backup systems, or later accidental sharing.

VirusTotal

65/65 vendors flagged this skill as clean.
