Deno A Secure Runtime For JavaScript And TypeScript

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives an agent broad Deno runtime powers that are not well scoped by its data-integration description.

Install only if you intentionally want a Membrane-backed Deno automation skill with runtime-level authority. Require explicit user approval before file deletion, directory deletion, process run/kill, environment-variable access or mutation, system exit, or non-read-only proxy requests; consider pinning the CLI version and revoking the Membrane connection when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill is presented as a Deno data/integration tool, but its documented capabilities include broad host-control operations such as filesystem deletion, process execution/termination, environment mutation, and system exit. This scope mismatch is dangerous because an agent may invoke powerful local-runtime actions under a benign-looking description, increasing the chance of unauthorized destructive actions or privilege abuse.

Context-Inappropriate Capability

High
Confidence: 95%
Finding
Advertising process execution and kill capabilities in a skill meant for interacting with Deno data materially expands the attack surface into arbitrary code execution and denial of service on the local environment. In this context, those actions are not justified by the stated purpose and could be abused by prompts or workflows to run unintended commands or terminate important processes.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
Environment-variable get/set/delete operations can expose secrets, alter security-sensitive runtime behavior, or break dependent services. For a data-integration skill, this capability is over-privileged and can enable credential theft, persistence changes, or sabotage if an agent is induced to manipulate the environment.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
A documented system-exit capability allows the skill to terminate its own runtime or workflow, which can be abused for denial of service or to interrupt safeguards and auditing. Given the skill's stated purpose, this capability is unnecessary and increases operational risk without corresponding user benefit.

Vague Triggers

Medium
Confidence: 85%
Finding
The activation phrase 'use when the user wants to interact with Deno data' is overly broad and underspecified relative to the powerful actions the skill exposes. Broad routing language makes accidental invocation more likely, especially when the skill can perform destructive system operations beyond normal data access.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill lists destructive and sensitive capabilities such as deleting files, killing processes, modifying environment variables, and exiting the system without any warning, consent model, or safety constraints. This omission increases the risk that an agent or user will treat these actions as routine and trigger irreversible or security-sensitive effects unintentionally.

VirusTotal

VirusTotal findings are pending for this skill version.
