Nex Reports

Security checks across malware telemetry and agentic risk

Overview

This reporting skill is mostly transparent, but it needs Review because it includes an unbounded custom shell-command module alongside sensitive report delivery paths.

Install only if you trust the publisher and will control the report configurations. Avoid using the CUSTOM module unless you fully understand the command being run, prefer local file output for sensitive reports, use app-specific IMAP credentials, and treat Telegram delivery as sharing report contents with a third-party service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (32)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
"items": [],
            }

        result = subprocess.run(
            command,
            shell=True,
            capture_output=True,
Confidence
99% confidence
Finding
result = subprocess.run( command, shell=True, capture_output=True, text=True, timeout=10, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The manifest advertises substantial capabilities including environment-variable access, file read/write, network access, and shell execution, but does not declare permissions or provide clear scoping. This weakens reviewability and informed consent, especially because the skill aggregates sensitive business data and can exfiltrate or persist it through Telegram, files, and external commands.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior exceeds the stated purpose of aggregating specific Nex business tools by also supporting IMAP email access, local calendar/taskboard ingestion, arbitrary shell execution, and general CRUD/history operations. This description-behavior gap is dangerous because it conceals materially broader data access and execution capability than a user would expect from a reporting meta-skill.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The README expands the skill from a bounded report aggregator over specific Nex tools into broader data-access and execution capabilities: IMAP mailbox access, ICS parsing, local taskboard reads, and especially arbitrary shell command execution. This scope creep increases privileges and access to unrelated sensitive data, violating least privilege and making the skill materially more dangerous than its stated business-reporting purpose.

Context-Inappropriate Capability

Critical
Confidence
99% confidence
Finding
Allowing a CUSTOM module to run arbitrary shell commands turns a reporting skill into a general command-execution primitive. If an attacker can influence report configuration, module parameters, or scheduled execution, this could lead to arbitrary code execution, data theft, persistence, or destructive system changes under the user's account.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
Documenting undeclared EMAIL, CALENDAR, TASKS, and CUSTOM modules confirms that the skill's effective capabilities exceed its described trust boundary. Even when some modules seem low risk, the hidden expansion of accessible data sources and local resources undermines reviewability and can expose sensitive mailbox, calendar, or filesystem data unexpectedly.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Requiring IMAP credentials for an EMAIL module introduces access to potentially sensitive mailbox contents that are unrelated to the stated Nex-tool reporting scope. This broadens the blast radius from business telemetry into personal or corporate communications, creating confidentiality and credential-handling risks.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill markets itself as a report aggregator for a defined Nex toolset, but the markdown additionally exposes unrelated email, calendar, taskboard, and command-execution modules. This unjustified expansion increases the attack surface and makes it easier to collect sensitive local or remote data under the cover of a benign reporting workflow.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
A CUSTOM module that runs arbitrary shell commands gives a reporting skill general code-execution capability unrelated to its stated function. In context, this is especially dangerous because report scheduling and output delivery provide a natural path to automate execution and potentially expose command output through saved files or Telegram messages.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill metadata says this package aggregates data from specific Nex tools, but the configuration expands scope to unrelated inputs including IMAP email, local calendar/task files, and especially arbitrary custom commands. That mismatch materially increases the attack surface and enables collection or execution capabilities users would not reasonably expect from the advertised reporting skill.

Context-Inappropriate Capability

Critical
Confidence
99% confidence
Finding
Defining a "Custom Command" module that runs an arbitrary shell command creates a direct code-execution primitive inside a reporting skill. In this context, the capability is unjustified by the stated business reporting purpose and could be abused to execute system commands, exfiltrate data, modify files, or establish persistence if any report configuration is attacker-controlled or influenced.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
Adding IMAP-based email access introduces access to sensitive mailbox contents and credentials that are outside the manifest's stated Nex-tool aggregation scope. Even though this file only defines configuration, the declared capability signals the skill can ingest private communications and expands exposure if later used without clear consent and minimization.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
Calendar ICS and taskboard JSON ingestion broaden the skill beyond the described Nex-tool sources into arbitrary local file access. In a reporting tool, that means potentially sensitive operational or personal data can be read from paths supplied in configuration, creating unjustified data exposure and a larger attack surface.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill advertises aggregation of predefined Nex business tools, but this code also accesses IMAP mail, local calendar files, and taskboard data. That scope expansion increases access to unrelated sensitive data and violates least privilege, making the skill more dangerous in context because operators may grant trust based on the narrower manifest.

Context-Inappropriate Capability

Critical
Confidence
99% confidence
Finding
An arbitrary shell-command feature is unrelated to a report-generation meta-skill that is supposed to aggregate specific Nex tool outputs. This creates a hidden high-risk capability that can be abused for unrestricted code execution and makes the mismatch with the manifest especially dangerous because users would not expect or approve such power.

Description-Behavior Mismatch

Critical
Confidence
99% confidence
Finding
The ability to execute arbitrary shell commands substantially exceeds the described behavior of combining predefined Nex reports. In context, this is not just feature creep; it is a powerful hidden execution primitive that can be exploited to run any local command under the agent's privileges.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README encourages email integration and mailbox access but gives no warning about the sensitivity of IMAP credentials or mailbox data. In context, this increases the chance of insecure deployment practices, over-collection of data, and accidental exposure of account secrets during setup or troubleshooting.

Missing User Warnings

High
Confidence
98% confidence
Finding
Advertising arbitrary shell-command execution without strong safety warnings normalizes a highly dangerous capability in a routine reporting tool. Because this skill also supports scheduling, unsafe commands could be executed repeatedly and unattended, increasing the likelihood and severity of misuse.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The description promotes Telegram delivery and file storage of aggregated business data but does not warn users that sensitive operational, financial, contractual, or customer-related information may be persisted locally or transmitted to a third-party messaging platform. Lack of disclosure increases the chance of unintentional data leakage and improper handling of confidential reports.

Missing User Warnings

High
Confidence
98% confidence
Finding
Documenting arbitrary shell command execution without a strong safety warning normalizes a highly dangerous capability inside a business reporting skill. Users may reasonably assume commands are limited to reporting helpers, when in fact this enables broad system interaction and possible data theft, persistence, or destructive actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The configuration defines arbitrary shell command execution without any visible warning, trust boundary explanation, or disclosure in this file, which makes the dangerous capability easier to hide inside an apparently benign reporting skill. Lack of transparency increases the chance of unsafe deployment and user misunderstanding around a highly sensitive execution feature.

Missing User Warnings

High
Confidence
93% confidence
Finding
The arbitrary command execution path has no warning, confirmation, or permission boundary despite enabling dangerous system-level actions. This makes accidental misuse and stealthy abuse far more likely, especially in an automation context where scheduled jobs may run unattended.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
This module connects to an IMAP mailbox using configured credentials and reads unread message headers without any obvious user-facing warning or consent flow. While not an exploit primitive by itself, it accesses sensitive communications data beyond the declared Nex-tool aggregation scope, increasing privacy and over-collection risk.

Unvalidated Output Injection

High
Category
Output Handling
Content
Run `nex-healthcheck check` subprocess.
    """
    try:
        result = subprocess.run(
            ["nex-healthcheck", "check"],
            capture_output=True,
            text=True,
Confidence
74% confidence
Finding
subprocess.run( ["nex-healthcheck", "check"], capture_output

Unvalidated Output Injection

High
Category
Output Handling
Content
Run `nex-crm pipeline` subprocess.
    """
    try:
        result = subprocess.run(
            ["nex-crm", "pipeline"],
            capture_output=True,
            text=True,
Confidence
74% confidence
Finding
subprocess.run( ["nex-crm", "pipeline"], capture_output

VirusTotal

66/66 vendors flagged this skill as clean.
