code-doc-guid

Security checks across malware telemetry and agentic risk

Overview

This skill indexes a codebase locally and writes dependency reports under `.trae`, a behavior that is disclosed and consistent with its stated navigation purpose.

Install only if you are comfortable with the agent creating a `.trae` directory in repositories and storing local metadata such as file paths, symbols, imports, and docstrings. Add `.trae` to `.gitignore` or review generated files before committing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly instructs the agent to read files, modify project state indirectly via index/report generation, and execute shell commands, yet it declares no permissions. That mismatch undermines permission-based trust decisions and can cause the skill to be invoked with capabilities users or policy systems did not knowingly approve.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The stated description frames the skill as a navigation/documentation helper, but the behavior includes persistent database creation, git-based repository inspection, dependency graph computation, and writing multiple analysis artifacts. This broader operational scope increases the chance that users or orchestration layers will authorize it under a weaker trust model than its actual capabilities warrant.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The skill presents itself primarily as a navigation/documentation assistant, but it also creates persistent local state in `.trae/codebase.db` and writes analysis artifacts such as `codeguiddoc.md`, `architecture_layers.md`, and `dependency_graph.json`. Hidden write behavior increases the blast radius of using the skill in sensitive repositories because merely inspecting or indexing code can modify the workspace and leave potentially sensitive metadata on disk.

Intent-Code Divergence

Low
Confidence
86% confidence
Finding
The inspect function claims to output a structured summary, but it also writes a Markdown report to disk as a side effect. This mismatch can mislead callers and autonomous agents into performing unintended file writes during what appears to be a read-only inspection step, which is especially risky in workflows that assume analysis commands are non-mutating.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The tool writes analysis artifacts to disk without prominent user-facing disclosure at the point of use. In security-sensitive or clean-worktree environments, undisclosed writes can leak repository structure, create unexpected files that may be committed accidentally, and violate assumptions made by higher-level automation using the skill.
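A workspace-mutation guard that turns two of the points above into a check: the Overview's advice to keep `.trae` out of commits, and the findings that an "inspection" step writes artifacts without disclosure. It snapshots the worktree before and after the step, reports every created, modified or deleted path, and separates writes under the disclosed directory from undisclosed ones. This is an added example written for this page, not code from the skill, from NVIDIA SkillSpector or from the skill directory. `fake_inspect` is a constructed stand-in that only reproduces the artifact names the findings list (`.trae/codebase.db` and `codeguiddoc.md`), and `.trae/` is assumed to be the only disclosed write location.

```python
"""Workspace-mutation guard for a supposedly read-only agent step.

Added example for this page; not the skill's or the scanner's own code.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to a content fingerprint."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in filenames:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if p.is_symlink():
                # Record the link itself; replacing a link is still a write.
                snap[rel] = "symlink:" + os.readlink(p)
            else:
                snap[rel] = hashlib.sha256(p.read_bytes()).hexdigest()
    return snap


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify every path that differs between two snapshots."""
    common = set(before) & set(after)
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(k for k in common if before[k] != after[k]),
    }


def run_guarded(root: Path, step, disclosed_prefixes=()) -> dict:
    """Run step(root), which is supposed to be read-only, and report what it touched.

    Writes under a disclosed prefix (assumed here to be ".trae/") are listed as
    'disclosed'; anything else is 'undisclosed' and should fail a pipeline that
    treats inspection as non-mutating.
    """
    before = snapshot(root)
    step(root)
    after = snapshot(root)
    changes = diff_snapshots(before, after)
    touched = changes["created"] + changes["modified"] + changes["deleted"]
    changes["disclosed"] = sorted(
        p for p in touched if any(p.startswith(d) for d in disclosed_prefixes))
    changes["undisclosed"] = sorted(
        p for p in touched if p not in changes["disclosed"])
    return changes


def gitignore_covers(gitignore_text: str, name: str = ".trae") -> bool:
    """True if the .gitignore text already ignores `name` by an exact-name pattern.

    Deliberately simple: wildcard patterns that would also match are not evaluated.
    """
    wanted = {name, name + "/", "/" + name, "/" + name + "/"}
    for line in gitignore_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line in wanted:
            return True
    return False


def fake_inspect(root: Path) -> None:
    """Constructed stand-in for the skill's inspect step (not the real skill).

    It writes one disclosed artifact and one undisclosed one, using the file
    names the findings mention.
    """
    (root / ".trae").mkdir(exist_ok=True)
    (root / ".trae" / "codebase.db").write_bytes(b"SQLite format 3\x00")  # fake header only
    (root / "codeguiddoc.md").write_text("# Code guide\n")


def demo() -> dict:
    """Build a throwaway worktree and run the fake inspect step under the guard."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "src").mkdir()
        (root / "src" / "app.py").write_text("print('hi')\n")
        (root / ".gitignore").write_text("*.pyc\n")  # constructed: .trae not ignored
        return run_guarded(root, fake_inspect, disclosed_prefixes=(".trae/",))


if __name__ == "__main__":
    result = demo()
    for kind in ("created", "modified", "deleted", "undisclosed"):
        print(f"{kind}: {result[kind]}")
    if result["undisclosed"]:
        raise SystemExit("inspection step wrote outside its disclosed directory")
```

Running the demo lists `.trae/codebase.db` as a disclosed write and `codeguiddoc.md` as an undisclosed one, which is exactly the condition the Intent-Code Divergence and Missing User Warnings findings describe; a CI job or agent orchestrator can wrap any step it believes to be read-only in `run_guarded` and refuse to proceed when `undisclosed` is non-empty. `gitignore_covers` is the companion check for the Overview's advice: run it on the repository's `.gitignore` before installing the skill, and add `.trae/` if it returns false.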

VirusTotal

63/63 vendors flagged this skill as clean.
