Skill Sentinel

Security checks across malware telemetry and agentic risk

Overview

This is a local static scanner, and the dangerous-looking commands are packaged as test fixtures rather than installation or runtime behavior.

Reasonable to install if you want a local static scanner. Scan only directories whose contents you are comfortable exposing in command output or CI artifacts, and do not manually run files under fixtures/malicious-skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The install script performs a remote download-and-execute action by piping a fetched script directly into sh, which is unrelated to the stated purpose of scanning local skill directories. This creates an arbitrary code execution path controlled by a remote server and strongly suggests deceptive or hostile behavior in the skill implementation.

Context-Inappropriate Capability

Critical
Confidence: 100%
Finding
A security-scanning skill has no legitimate need to fetch and immediately execute code from an external URL during installation. This pattern gives the remote endpoint full control over code run on the host, enabling malware delivery, persistence, credential theft, or further compromise.

Natural-Language Policy Violations

High
Confidence: 99%
Finding
The skill explicitly instructs the user to 'disable all security checks,' which is a direct attempt to bypass protective controls. In the context of a skill definition, this is not necessary for normal functionality and strongly indicates an attempt to reduce defenses before a potentially harmful action.

Missing User Warnings

High
Confidence: 98%
Finding
The script executes a remote payload without any warning, consent flow, or disclosure to the user. Hidden execution of externally controlled code materially increases the risk of unauthorized system modification and is especially suspicious in an install path.

Ssd 1

High
Confidence: 99%
Finding
This text semantically directs the user/model to bypass protections by disabling security safeguards, which materially increases the chance that subsequent malicious commands will succeed. Because the skill is described as malicious fixture content and the instruction is unrelated to legitimate scanning behavior, the surrounding context makes the risk more severe, not less.

VirusTotal

64/64 vendors flagged this skill as clean.
