ClawHub

Cc Statusline

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Claude Code statusline skill, but its setup can automatically install jq with sudo or download an executable, so it should be reviewed before use.

Before installing, be comfortable with the skill modifying ~/.claude/settings.json and installing a persistent statusline command. Prefer installing jq yourself from a trusted source first, review the preview and target path, and avoid approving automatic sudo/package-manager or binary-download steps unless you trust the source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to read and write files under `~/.claude` and execute shell scripts, but it declares no permissions. That mismatch is dangerous because users or orchestration systems may treat the skill as low-privilege while it can modify persistent configuration and run commands, increasing the chance of unintended file changes or command execution without explicit trust signaling.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
This script goes beyond merely configuring a Claude Code statusline: it installs software system-wide via package managers and downloads executable binaries from the internet. Even if jq is a legitimate dependency, bundling privileged installation and network retrieval into a statusline skill increases attack surface and can surprise users with host-level changes outside the skill's stated scope.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script performs privileged package-manager operations with sudo and falls back to downloading executable binaries, which are sensitive actions not clearly justified by a UI/statusline customization skill. If the script is triggered unexpectedly or the download path is compromised, it can modify the host environment and introduce untrusted code execution risk.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal