Codebase Intelligence

Security checks across malware telemetry and agentic risk

Overview

This code-analysis skill is mostly coherent, but it has two data-handling problems: its project-local cache persists source snippets to disk, and it loads that cache with unsafe pickle deserialization, so a crafted cache file already present in an untrusted repository can execute arbitrary code when the skill runs.

Install only if you are comfortable with local project indexing and persistent cache files. Before and during use:
  • Avoid running it on untrusted repositories that may already contain .codebase-intelligence/codebase_index.pkl.
  • Delete existing cache files before use.
  • Keep generated cache/export files out of version control.
  • Avoid indexing sensitive config or secret-containing files.
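The following is an added example, not code from the Codebase Intelligence skill or from NVIDIA, showing why a cache file an attacker controls is a code-execution problem and what a loader that does not execute it looks like. It builds a hostile pickle in memory (constructed input; the marker environment variable it sets is a hypothetical stand-in for a real payload such as os.system), loads it the way the report describes (pickle.loads), and then loads the same bytes through a restricted Unpickler with an assumed allowlist and through a JSON-only loader:

```python
"""Why a hostile .codebase-intelligence/codebase_index.pkl is a code-execution
problem, and two loaders that do not execute it.

Added example, not code from the Codebase Intelligence skill. The marker
environment variable and the RestrictedUnpickler allowlist are assumptions.
"""
import io
import json
import os
import pickle

# Hypothetical marker the payload sets so the demo can observe execution
# without doing anything harmful. A real payload would call os.system.
MARKER = "CODEBASE_INTEL_PICKLE_POC"


class MaliciousIndex:
    """An object whose pickled form runs arbitrary Python on load.

    pickle calls the callable returned by __reduce__ with the given
    arguments while reconstructing the stream, before the application
    ever sees the resulting object, so merely reading the cache is
    enough to trigger it.
    """

    def __reduce__(self):
        return (exec, (f"import os; os.environ['{MARKER}'] = '1'",))


def build_malicious_cache() -> bytes:
    """Constructed attacker-controlled cache bytes (what a hostile repo could commit)."""
    return pickle.dumps(MaliciousIndex())


def unsafe_load(data: bytes):
    """The pattern the report flags: trusting a cache found in the analyzed repo."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse to resolve any global not on an explicit allowlist.

    Every callable a pickle stream wants to invoke (exec, os.system,
    subprocess.Popen, ...) must be resolved through find_class, so
    denying it there blocks the __reduce__ trick above. The allowlist
    below is an assumption; a real index would list exactly the classes
    it serializes.
    """

    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name} from cache")


def restricted_load(data: bytes):
    """Mitigation 1: still pickle, but with no path to arbitrary callables."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_json_load(data: bytes) -> dict:
    """Mitigation 2 (preferred): a data-only format. JSON cannot encode
    executable objects, so the worst a hostile cache can do is be malformed."""
    obj = json.loads(data)
    if not isinstance(obj, dict) or not isinstance(obj.get("files"), list):
        raise ValueError("cache has unexpected shape")
    return obj


def demo() -> dict:
    """Load the same hostile bytes three ways; report which ones ran the payload."""
    data = build_malicious_cache()
    results = {}

    os.environ.pop(MARKER, None)
    unsafe_load(data)
    results["unsafe_executed"] = MARKER in os.environ

    os.environ.pop(MARKER, None)
    try:
        restricted_load(data)
        results["restricted_raised"] = False
    except pickle.UnpicklingError:
        results["restricted_raised"] = True
    results["restricted_executed"] = MARKER in os.environ

    try:
        safe_json_load(data)
        results["json_raised"] = False
    except ValueError:  # UnicodeDecodeError and JSONDecodeError are both ValueErrors
        results["json_raised"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The restricted unpickler is a stop-gap for code that cannot change its on-disk format yet; since the report notes the skill already writes a JSON copy of the index, dropping the pickle file entirely and reading only the JSON is the smaller and safer change.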

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The index persists structured metadata plus `content_preview`, which stores the first 500 characters of each indexed file and writes it to both pickle and JSON cache files. In a codebase-analysis skill, this can unintentionally retain source code fragments, comments, secrets, or proprietary material on disk beyond the immediate analysis session, increasing data exposure if the cache is accessed, committed, or shared.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
By default, the tool creates `.codebase-intelligence` under the target project and writes persistent cache artifacts there. In a codebase-indexing context this is risky because it modifies the analyzed repository and can leave behind sensitive metadata or code excerpts that may be accidentally committed, exposed to other tools, or read by users with access to the project directory.

Missing User Warnings

Severity: Low
Confidence: 76%
Finding
The skill writes persistent cache and export artifacts into the analyzed project or user-specified paths, but the documentation does not present this as a clear operational warning before use. This can lead to unintended repository modifications, leaked indexed metadata, or accidental inclusion of generated files in commits/CI artifacts, especially when analyzing sensitive codebases.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The code saves indexed data, including content previews, to persistent cache files with only generic 'cache saved' messaging and no explicit disclosure that code snippets are being written to disk. This weak transparency can cause users to unknowingly persist sensitive source fragments, secrets in comments/configs, or proprietary code into files that may outlive the session.
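The three findings above all come down to the same mechanism: the first 500 characters of every indexed file are written to disk as `content_preview`, unredacted, in a directory inside the analyzed project. As an added example (not code from the Codebase Intelligence skill), the block below shows what a safer indexer would do before persisting a preview, and an audit that scans an existing `.codebase-intelligence` JSON export for previews that still contain secrets. The index entry layout, the secret patterns, and the sample file contents are assumptions constructed for the demo; only the 500-character limit and the cache directory name come from the report.

```python
"""Keeping secrets out of a persisted content_preview, and auditing a cache
directory that may already hold them.

Added example, not code from the Codebase Intelligence skill. The preview
length and cache directory name come from the report; the index entry
layout, secret patterns and sample inputs are assumptions.
"""
from __future__ import annotations

import json
import re
import tempfile
from pathlib import Path

PREVIEW_CHARS = 500  # the skill stores the first 500 chars of each file

# Illustrative credential patterns; a real scrubber would reuse a maintained
# secret-scanner ruleset. A named 'value' group means "mask only the value".
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]?"
        r"(?P<value>[^\s'\"]{8,})"
    ),
}

# Files that are rarely useful to index and usually contain credentials.
SENSITIVE_NAMES = {".env", ".env.local", "id_rsa", "credentials", "secrets.yaml", "secrets.yml"}
SENSITIVE_SUFFIXES = {".pem", ".key"}


def _mask(m: re.Match) -> str:
    """Keep the key name (so the preview stays useful) and drop only the value."""
    if "value" in m.re.groupindex:
        return m.group(0)[: m.start("value") - m.start()] + "[REDACTED]"
    return "[REDACTED]"


def redact(text: str) -> tuple[str, list[str]]:
    """Return (redacted text, names of the rules that fired)."""
    hits = []
    for name, pat in SECRET_PATTERNS.items():
        if pat.search(text):
            hits.append(name)
            text = pat.sub(_mask, text)
    return text, hits


def make_preview(path: Path, text: str) -> dict:
    """Build the persisted index entry for one file.

    Sensitive files get no preview at all; everything else gets a truncated,
    redacted preview plus a record of what was withheld, so the user can see
    in the cache itself that something was removed.
    """
    if path.name in SENSITIVE_NAMES or path.suffix in SENSITIVE_SUFFIXES:
        return {"path": str(path), "content_preview": None, "preview_withheld": "sensitive file"}
    preview, hits = redact(text[:PREVIEW_CHARS])
    return {"path": str(path), "content_preview": preview, "redactions": hits}


def audit_cache(cache_dir: Path) -> list[dict]:
    """Scan a cache directory's JSON exports for previews that still contain secrets.

    Run this before committing or sharing a project that already has a
    .codebase-intelligence directory. The pickle file is deliberately not
    opened: loading it is the code-execution risk the report describes.
    """
    findings = []
    for f in cache_dir.rglob("*.json"):
        try:
            data = json.loads(f.read_text())
        except ValueError:
            continue
        entries = data.get("files", []) if isinstance(data, dict) else []
        for entry in entries:
            _, hits = redact(entry.get("content_preview") or "")
            if hits:
                findings.append({"cache_file": str(f), "indexed_path": entry.get("path"), "rules": hits})
    return findings


def demo() -> dict:
    """Constructed inputs: a config file with two credentials, and a .env file."""
    config_text = (
        'db_host = "10.0.0.5"\n'
        "# password: s3cr3tpassw0rd\n"
        'aws_key = "AKIAABCDEFGHIJKLMNOP"\n'
        "# " + "x" * 600  # long enough that the preview is truncated
    )
    safe_entry = make_preview(Path("src/config.py"), config_text)
    env_entry = make_preview(Path(".env"), "DB_PASSWORD=hunter2hunter2\n")

    # A naive index as the report describes: raw first 500 chars, no redaction.
    naive = {"files": [{"path": "src/config.py", "content_preview": config_text[:PREVIEW_CHARS]}]}
    with tempfile.TemporaryDirectory() as d:
        cache = Path(d) / ".codebase-intelligence"
        cache.mkdir()
        (cache / "codebase_index.json").write_text(json.dumps(naive))
        audit = audit_cache(cache)
    return {"safe_entry": safe_entry, "env_entry": env_entry, "audit": audit}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Redaction at index time is the part that addresses the findings; the audit exists because a cache written by the current skill version may already be sitting in a project, and the findings' warning about accidental commits only matters if you can tell what is in those files before they are pushed.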

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The ask command enables LLM-backed answering by default and may send codebase-derived context to an external model without an explicit warning or consent step. In a codebase-intelligence skill, users are especially likely to analyze proprietary source, secrets, internal architecture, or regulated data, so silent external transmission materially increases confidentiality and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.
