Clawie Research Agent

Security checks across malware telemetry and agentic risk

Overview

This is a public research helper that uses visible web, GitHub, Hacker News, and npm lookups; it has privacy caveats but no evidence of hidden, destructive, or deceptive behavior.

Install only if you are comfortable with the agent sending research queries to public services and using local CLI tools. Do not use it with secrets, private customer data, internal incident details, or confidential business plans unless you have approved those external lookups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
```python
import json
import subprocess

def npm_search(package: str, limit: int = 5) -> list:
    """Search NPM for packages."""
    try:
        # argv list, no shell=True: no shell injection, but it still runs a local tool
        # and sends `package` to the public npm registry
        result = subprocess.run(
            ["npm", "search", package, "--json"],
            capture_output=True, text=True
        )
        # Completion assumed from the signature: parse npm's JSON output, cap at `limit`
        return json.loads(result.stdout)[:limit]
    except (OSError, ValueError):
        return []
```
Confidence
80% confidence
Finding
result = subprocess.run( ["npm", "search", package, "--json"], capture_output=True, text=True )

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill embeds executable shell commands that perform network access and tool invocation, but it declares no permissions or constraints. That mismatch can cause an agent or reviewer to underestimate its ability to transmit data externally or execute environment-dependent commands, increasing the chance of unintended data exposure or unsafe execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill promises broad, structured research reporting, but the concrete behavior relies on a small set of developer-focused commands and raw service queries. This mismatch is dangerous because users and orchestrators may route sensitive or general-purpose research tasks to a skill that actually performs external lookups and may return incomplete, misleading, or improperly formatted results.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill includes instructions for collecting live data from external services without warning the user that queries, topics, or potentially sensitive input may be sent to third parties. In a research context, this is more dangerous because prompts may contain confidential business plans, internal investigation topics, or other sensitive material that should not be disclosed externally by default.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Web search (DuckDuckGo)
curl -s "https://api.duckduckgo.com/?q=QUERY&format=json" | jq '.RelatedTopics[:5]'

# GitHub (repos, stars, activity)
gh search repos "TOPIC" --limit 20 --json name,description,stargazersCount,url
```
Confidence
93% confidence
Finding
https://api.duckduckgo.com/

VirusTotal

64/64 vendors flagged this skill as clean.
