Project- & Time-Capsules

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate project-archive purpose, but it needs review because it can upload project context and arbitrary files to cloud storage and its helper script uses unsafe shell command construction.

Review before installing. Use only with a dedicated low-privilege rclone remote, avoid storing secrets or regulated data, confirm exactly what files and project context will be uploaded, and avoid untrusted capsule names or file paths until the script removes shell=True and adds validation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import subprocess

def run(cmd):
    """Run a shell command and return (stdout, stderr)."""
    try:
        # Flagged line: shell=True hands cmd to the shell unchanged, so any
        # untrusted content in cmd (capsule name, file path) is interpreted as shell syntax.
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=30)
        return result.stdout.strip(), result.stderr.strip()
    except subprocess.TimeoutExpired:
        return "", "Error: Command timed out after 30 seconds"
Confidence
99% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=30)

Lp3

Medium
Category
MCP Least Privilege
Confidence
97% confidence
Finding
The skill instructs the agent to use shell commands, environment variables, and file-writing behavior, but it does not declare permissions or constraints for those capabilities. In a skill that can upload project summaries, context, and arbitrary files to cloud storage via rclone, this omission increases the chance of unintended execution or exfiltration without explicit user awareness or policy enforcement.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are very broad and overlap with normal project-management language such as 'save this project' or 'archive this', making accidental activation likely. In this skill's context, accidental activation is more dangerous because it can cause project knowledge or files to be written locally and synchronized to external cloud storage, potentially exposing sensitive information.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The description does not prominently warn that the skill stores project knowledge and files on external cloud remotes such as Google Drive, OneDrive, or S3. Because the skill is specifically designed to archive summaries, details, context, and associated files off-system, missing disclosure meaningfully increases the risk of users unintentionally sending confidential or regulated data to third-party storage.

VirusTotal

66/66 vendors flagged this skill as clean.
