Tally

Security checks across malware telemetry and agentic risk

Overview

This Tally skill appears useful, but its stated read-oriented scope conflicts with instructions that imply broader create, update, delete, post, or send actions.

Install only if you are comfortable giving the agent access to your Tally data, and treat any create, update, delete, post, send, webhook, or submission-changing request as requiring explicit user confirmation. Prefer a version that clearly lists the exact supported actions and separates read-only actions from mutation authority.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (96% confidence)
Finding
The manifest claims the skill is for 'searching and reading data,' but the body of the skill discusses handling arbitrary Tally actions, including create/update/delete-style operations. This mismatch can mislead downstream agents or reviewers into granting broader trust than intended, increasing the chance that state-changing operations are invoked without appropriate scrutiny.

Intent-Code Divergence

Low (85% confidence)
Finding
The file states that the skill exposes only 4 actions, all read-oriented, yet later documents generic create/update/delete/send/post behaviors. Even if those operations are not currently listed, documenting them creates ambiguity about the skill's real scope and may cause an agent to assume unsupported or unsafe actions are available.

Vague Triggers

Medium (90% confidence)
Finding
The instruction to use this skill for 'ANY Tally request' is overly broad and can force routing of unrelated or higher-risk tasks through this skill without sufficient qualification. Broad invocation triggers increase the chance of overuse, confusion about capability boundaries, and accidental execution in contexts where more restrictive handling would be safer.

VirusTotal

64/64 vendors flagged this skill as clean.
