Solo File Transfer

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does the advertised document conversion and IMA upload work, but its upload helper exposes broader credentialed API access than the stated workflow needs.

Install only if you trust the publisher and intend to upload selected content to IMA. Avoid sensitive or confidential documents unless that upload is approved, use least-privilege temporary credentials where possible, and review commands carefully because the helper can make broad authenticated IMA requests and the COS uploader accepts secrets on the command line.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill demonstrates file-writing capability by converting DOCX files to Markdown and extracting images into an output directory, but it does not declare corresponding permissions. This weakens transparency and consent controls because users or hosting systems may not realize the skill can create files and directories on disk.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The exported imaApi/main path accepts an arbitrary apiPath and body and forwards them with the user's IMA credentials to the remote service, making this a generic authenticated API proxy rather than a narrowly scoped file-transfer helper. In the context of a skill advertised for document conversion and knowledge upload, this broader capability expands the attack surface and could be abused by other parts of the skill or prompt-influenced callers to invoke unintended IMA endpoints with the user's privileges.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to upload files, webpages, and notes to an external knowledge base without an explicit privacy or data-transmission warning. This can lead to accidental exfiltration of sensitive or regulated content because users may not understand that local documents and referenced URLs are being sent to a third-party service.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill requires API credentials via environment variables but provides no warning about secret handling, logging, or exposure risks. Even though the example masks the API key in output, users may still mishandle credentials in shell history, debug logs, screenshots, or shared environments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This script requires sensitive cloud credentials and session tokens to be passed via command-line arguments, which commonly exposes them through shell history, process listings, job runners, CI logs, and telemetry. In this skill context, the risk is heightened because the tool is designed for file uploads to cloud storage, so compromise of these values could allow unauthorized object uploads or broader COS access within the granted scope.

VirusTotal

65/65 vendors flagged this skill as clean.
