Source Research

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local source-research organizer that creates persistent notes in a dedicated workspace folder, with no evidence of hidden network, credential, or destructive behavior.

Install this only if you want an agent to keep reusable source-research files in your workspace. Review `.source-research/` before committing, syncing, or sharing it, and avoid storing secrets, private targets, or sensitive internal evaluations there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to create and update persistent files under `.source-research/` and even initialize the directory via a Python script, yet no permissions are declared. This mismatch can cause silent workspace modification in environments that rely on declared permissions for user awareness, policy gating, or sandbox enforcement.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The activation criteria are broad and include many generic source-curation terms, which increases the chance the skill is invoked in loosely related contexts. Over-broad triggering is dangerous here because the skill's default behavior includes persistent recording and file creation, so accidental invocation can lead to unnecessary workspace changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs persistent writes to a canonical workspace directory and instructs initialization if it does not exist, but it never tells the agent to warn the user or obtain consent before modifying files. In practice, this can surprise users, overwrite repository state, or create durable artifacts from transient conversations without explicit approval.

VirusTotal

66/66 vendors flagged this skill as clean.
