version-master

Security checks across malware telemetry and agentic risk

Overview

This skill is a local file-versioning tool, but its shared snapshot storage can expose, restore, or delete histories from other workspaces.

Review before installing, especially if you work across multiple private projects. Avoid snapshotting secrets, credentials, proprietary code, or personal files unless you are comfortable with persistent local copies under ~/.workbuddy that may be visible from other workspaces. Treat restore and clean confirmations carefully because they may affect snapshot history that was created outside the current workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The documentation states that all workspaces share the same storage directory and that snapshots are accessible across workspaces. That breaks isolation expectations for a 'single-file version management' skill and can expose or restore data from unrelated projects, creating confidentiality and integrity risks across workspace boundaries.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The lookup logic deliberately falls back to matching any stored history with the same relative path across workspaces, so a user in one workspace can list and later act on snapshots created in another workspace. In this tool's context, snapshots contain full file contents, making this an information-disclosure and integrity problem rather than a harmless metadata mix-up.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
Although _validate_path prevents writes outside the current workspace, restore_version can still load a version file selected via cross-workspace rel_path matching and write that foreign content into the current workspace file. This breaks workspace isolation and can overwrite a local file with unrelated or sensitive content from another project, causing both data leakage and file corruption.

Vague Triggers

Medium
Confidence: 80%
Finding
The activation description is broad enough to trigger on general requests about recovery or versioning, which can cause the agent to invoke file-reading and file-writing functionality without sufficiently precise user intent. In a skill that can overwrite files and manage persistent snapshots, over-triggering increases the chance of unintended access or destructive actions.

Vague Triggers

Medium
Confidence: 88%
Finding
Examples such as 'save it' or 'go back to previous version' are ambiguous unless the file context is unambiguous and recently established. In this skill, ambiguous triggers are more dangerous because the tool can read file history and restore content, potentially operating on the wrong file or causing accidental rollback.

Missing User Warnings

Medium
Confidence: 88%
Finding
The tool persists complete file snapshots under the user's home directory, but its interface does not clearly warn users that potentially sensitive file contents will be retained outside the project tree. In an agent skill context, this can lead to silent long-term storage of secrets, credentials, proprietary code, or personal data that users may not expect to be copied.

Self-Modification

High
Category: Rogue Agent
Content:
The following operations require explicit user confirmation:

1. **Version restore** - Will overwrite current file content
2. **Version delete** - Permanently deletes snapshot data

Before calling these operations, the AI must:
Confidence: 90%
Finding
overwrite current file

Session Persistence

Medium
Category: Rogue Agent
Content:
The following operations require explicit user confirmation:

1. **Version restore** - Will overwrite current file content
2. **Version delete** - Permanently deletes snapshot data

Before calling these operations, the AI must:
Confidence: 84%
Finding
write current file content
2. **Version delete** - Permanently deletes snapshot data
Before calling these operations, the AI must:
1. Show operation details and risks
2. Wait for e

VirusTotal

38/38 vendors flagged this skill as clean.
