ClawHub

rsa-ctf-skills

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed RSA CTF-solving skill with an online FactorDB lookup mode that users should treat as public-data-only.

Install only if you intend to use it for authorized CTF, lab, or educational RSA challenges. Avoid FactorDB mode for private keys, internal test keys, confidential challenge infrastructure, or real-world investigation targets unless you are comfortable sending the modulus to factordb.com.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares a network-capable dependency and explicitly references online use of factordb, but no corresponding permission model or user-facing disclosure is documented. This can lead to unexpected outbound requests, which matters because users may provide sensitive challenge material or local-only data and not realize it may be transmitted to a third party.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger condition is broad enough to activate on many generic requests involving RSA decryption, factorization, or cryptography analysis, without narrowing to legitimate CTF contexts. Over-broad activation increases the chance the skill is invoked for real-world cryptographic targets or in situations where use should be restricted or reviewed.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation condition states when to use the skill but not when not to use it, so it may be selected for ambiguous cryptography-help requests that fall outside intended safe use. In a skill designed around RSA attacks, unclear boundaries materially raise misuse risk because the tool operationalizes offensive techniques.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code sends the user-supplied RSA modulus to factordb.com over the network without any explicit disclosure, consent, or offline-only option. Even though this is a CTF-oriented tool, modulus values may come from private challenge infrastructure or non-CTF material, and transmitting them to a third party can leak sensitive cryptographic metadata and usage context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal