Add Directories

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a directory-list helper, but its body also instructs agents to submit data to external sites and to create GitHub PRs, even though its manifest states that submission is out of scope.

Install it only if you intend to review and control the submission behavior yourself. Use it for parsing and classifying directory entries, but treat the manifest's "submission is out of scope" statement as unreliable: require explicit approval before any external form submission, credentialed browser session, file upload, GitHub fork, push, or PR creation, and inspect the referenced local scripts before running them.
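The approval gate described above, as an added example that is not part of the original page or of the skill under review. It assumes a hypothetical agent runtime that routes every tool call through a policy hook; the tool names, the manifest, and the sample calls are all constructed for the example. Read-only local tools are allowed, unknown tools are denied, outbound calls carrying credential-looking arguments are denied, and every other side-effecting action needs an approval that is bound to that exact call rather than to the tool in general.

```python
"""Deny-by-default policy gate for agent tool calls (example code, not the skill's own)."""
import hashlib
import json
import re
from dataclasses import dataclass

# Constructed manifest modelled on the report: local-only scope, submission out of scope.
SKILL_MANIFEST = {
    "name": "add-directories",
    "declared_scope": ["read_local", "classify"],
    "out_of_scope": ["submit"],
}

# Hypothetical tool names, each mapped to the capability it exercises.
READ_ONLY_TOOLS = {"read_file", "list_dir", "classify_entry"}
SIDE_EFFECT_TOOLS = {
    "http_request": "external_submission",
    "browser_fill_form": "external_submission",
    "browser_login": "credentialed_browser",
    "upload_file": "file_upload",
    "git_fork": "github_write",
    "git_push": "github_write",
    "create_pull_request": "github_write",
    "run_script": "execute_local_script",
}
NEVER_AUTO_EXFIL = {"external_submission", "file_upload"}
SECRET_RE = re.compile(r"(?i)(passw(or)?d|token|secret|api[_-]?key|cookie|authorization)")
SHA256_RE = re.compile(r"[0-9a-f]{64}")


@dataclass
class ToolCall:
    tool: str
    args: dict


@dataclass
class Decision:
    verdict: str  # "allow" | "require_approval" | "deny"
    reason: str


def fingerprint(call):
    """Bind an approval to one exact call (tool name + canonical JSON of its arguments).
    Approving one git_push or one PR does not approve the next one."""
    canon = json.dumps(call.args, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{call.tool}\0{canon}".encode()).hexdigest()


def _leaves(value, key=""):
    """Yield every (key, scalar) pair from nested dict/list arguments."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from _leaves(v, k)
    elif isinstance(value, list):
        for v in value:
            yield from _leaves(v, key)
    else:
        yield key, value


def mentions_secret(args):
    return any(SECRET_RE.search(str(k)) or SECRET_RE.search(str(v)) for k, v in _leaves(args))


def evaluate(call, manifest=SKILL_MANIFEST, approved=frozenset()):
    """Return allow / require_approval / deny for a proposed tool call."""
    if call.tool in READ_ONLY_TOOLS:
        return Decision("allow", f"{call.tool} is within declared scope {manifest['declared_scope']}")
    capability = SIDE_EFFECT_TOOLS.get(call.tool)
    if capability is None:
        return Decision("deny", f"{call.tool} is not on the tool allowlist")
    # A credential-looking value never leaves the host on the agent's say-so.
    if capability in NEVER_AUTO_EXFIL and mentions_secret(call.args):
        return Decision("deny", "argument looks like a credential; refusing outbound transmission")
    # A local script runs only after review; the approval is bound to the reviewed content hash.
    if capability == "execute_local_script" and not SHA256_RE.fullmatch(str(call.args.get("sha256", ""))):
        return Decision("deny", "run_script needs the sha256 of the reviewed script in its arguments")
    if fingerprint(call) in approved:
        return Decision("allow", f"{capability} explicitly approved for this exact call")
    return Decision("require_approval", f"{capability} is outside declared scope; ask the user first")


if __name__ == "__main__":
    sample_calls = [  # constructed
        ToolCall("classify_entry", {"path": "directories/example.yaml"}),
        ToolCall("create_pull_request", {"repo": "org/awesome-list", "title": "Add entry"}),
        ToolCall("browser_fill_form", {"url": "https://directory.example/submit",
                                       "fields": {"email": "a@example", "password": "hunter2"}}),
        ToolCall("run_script", {"path": "scripts/submit.sh"}),
    ]
    for c in sample_calls:
        d = evaluate(c)
        print(f"{d.verdict:17} {c.tool}: {d.reason}")
```

The fingerprint is the important design choice: an approval stored per tool name would let the skill's "submit everywhere" workflow ride on a single yes, whereas a per-call fingerprint forces a fresh decision for each repository, form, or script.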

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High severity (98% confidence)
The skill’s declared purpose is adding/classifying local directory entries, but the workflow silently extends into discovering forms and submitting to third-party services. This scope expansion is dangerous because it can cause unintended external actions, data disclosure, and account-affecting changes under the guise of a safer local-only operation.

Intent-Code Divergence

High severity (99% confidence)
The manifest explicitly says the skill does not cover submission, yet the body instructs the agent to discover forms, submit via automation/manual browser interaction, and create GitHub PRs. This mismatch undermines user trust and safety boundaries, making it easier for an operator or agent to trigger impactful external actions without informed consent.

Context-Inappropriate Capability

Medium severity (90% confidence)
Including repo forking, cloning, branching, pushing, and PR creation goes beyond local data maintenance and introduces the ability to modify external repositories and public project history. In this context, that creates unnecessary write capabilities and increases the risk of accidental spam, unauthorized contributions, or misuse of authenticated GitHub credentials.

Missing User Warnings

Medium severity (95% confidence)
The skill describes automated submissions to third-party directories, which can create accounts, send product data, upload files, or post content externally, but it does not present a prominent upfront warning about those side effects. Without clear notice and consent, users may invoke the skill expecting analysis-only behavior while actually causing irreversible external actions.

Missing User Warnings

Medium severity (96% confidence)
The manual and automated submission guidance encourages entering credentials, personal details, and business information into third-party forms without a clear warning about privacy, credential exposure, and storage risks. In context, the skill also references files that may contain sensitive data, increasing the chance of accidental disclosure or unsafe handling of secrets during browser automation.

VirusTotal

65/65 vendors reported this skill as clean.

A clean antivirus result does not address the findings above: the risk in this skill lies in the instructions it gives the agent, not in executable malware, and signature-based engines do not evaluate those instructions.