upload-file

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: automates a user-directed browser file upload, but users should confirm the file and destination before running it.

Install only if you want agent-browser-based file upload automation. Before each use, confirm the exact destination website and the resolved local file path, and avoid uploading secrets, credentials, identity documents, medical or financial records, or internal files unless that is explicitly intended. Use scripts/upload.py rather than the documented scripts/upload_file.py unless the package is updated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding: The skill instructs execution of shell-capable commands such as `agent-browser ...` and `python scripts/upload_file.py ...` while declaring no permissions, creating a mismatch between stated and actual capabilities. This can bypass least-privilege expectations and cause the agent to invoke local shell or environment access in contexts where operators believe the skill is non-executing or constrained.

Vague Triggers

Medium
Confidence: 81%
Finding: Marking the skill as something that "MUST be used for any browser file upload task" is overly broad and can force selection even when the environment, site, data sensitivity, or safer alternatives make it inappropriate. This kind of mandatory trigger increases attack surface by encouraging automatic use of a shell/browser automation skill for all upload scenarios, including those involving sensitive local files or untrusted websites.

Missing User Warnings

Medium
Confidence: 93%
Finding: The script resolves an arbitrary local path and uploads that file to a caller-supplied remote URL with no consent prompt, allowlist, or disclosure check. In an agent setting, this creates a real exfiltration risk because a prompt or workflow could cause sensitive local workspace or home-directory files to be sent off-host silently.

VirusTotal

67/67 vendors flagged this skill as clean.
