Fast Response Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is review-worthy because it caches local agent memory/state files and includes an unrestricted shell-command helper without clear user controls.

Install only if you are comfortable with the skill reading and storing local agent memory/state files in the workspace cache. Review or remove the shell-command helper before use, and prefer an opt-in setup with a clear way to clear or disable the cache.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 70%
Finding:
The skill advertises executable behaviors and CLI operations but does not declare corresponding permissions, which weakens transparency and reviewability. Undeclared capabilities can hide access to environment data or execution context, increasing the chance of unintended exposure or misuse when the skill is installed or audited.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 92%
Finding:
This is a strong security concern because the documented purpose is performance optimization, but the detected behavior includes arbitrary shell-command execution via child_process.exec and CLI-style command handling unrelated to the stated scope. That mismatch can conceal dangerous functionality from reviewers and users, and arbitrary command execution can lead to full system compromise, data access, or persistence depending on runtime privileges.

Context-Inappropriate Capability

Severity: High
Confidence: 94%
Finding:
The file exposes a helper that executes arbitrary shell commands in parallel via child_process.exec with caller-provided strings. In a skill whose stated purpose is response optimization, this capability is unrelated and materially expands the attack surface: if upstream inputs are influenced by a user, prompt, memory file, or other untrusted source, it can lead to full command execution on the host.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
Auto-triggering on every message is risky because it causes the skill to run in broad, routine contexts without clear user intent, increasing exposure of any unsafe behavior in the skill. In this case, that broad trigger makes the other issues more dangerous by potentially invoking caching, file access, or execution paths on ordinary conversations.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The skill declares an automatic trigger on every message, which is overly broad and can cause the optimizer to run in nearly all conversations without clear scoping or user intent. In this context, that increases the chance of unintended background processing, cache refreshes, and file interactions, expanding the attack surface and creating opportunities for privacy or resource misuse.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The documentation describes caching user profiles and memory summaries to files, but provides no notice, consent flow, retention limits, or access controls. This is dangerous because it can persist sensitive user data on disk unnecessarily, increasing exposure if the files are accessed by other skills, users, or processes.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The command runner executes arbitrary commands without any confirmation, policy gate, or warning, which makes accidental or induced execution far more likely in an agent context. Parallelization increases the blast radius by allowing multiple destructive commands to run at once before an operator can intervene.

VirusTotal

63/63 vendors flagged this skill as clean.
