Widget

Security checks across malware telemetry and agentic risk

Overview

This skill makes disclosed, purpose-aligned changes to install and manage macOS Übersicht widgets, with some privacy and deletion risks users should understand.

Install only if you are comfortable with a macOS widget skill that can install/start Übersicht, copy files into ~/.claude/skills/widget, write and delete files in the Übersicht widgets folder, and run widget commands. Review Git and weather templates before enabling them: the Git widget reads local repo names/branches, and the weather widget contacts wttr.in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill exposes shell-capable behavior through allowed tools and explicit bash commands, but it does not declare any explicit permission model or safety boundaries for those capabilities. This increases the chance that a user or downstream system will underestimate the skill's authority, leading to unsafe execution of filesystem and host-modifying operations.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior goes well beyond managing widgets: it can install software, copy skill files into the user's Claude skill directory, start applications, and perform environment repair. That mismatch is dangerous because users invoking a 'widget' skill may not expect package installation, persistence, or broader host changes, which weakens informed consent and expands the attack surface.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
This widget executes shell commands that enumerate local Git repositories and read commit history and branch metadata from the user's home directory. That behavior is unrelated to the declared skill purpose of managing Übersicht widgets, so it introduces unnecessary access to sensitive local development information and creates a scope mismatch that could surprise users.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The shell command scans the user's home directory with `find ~ -maxdepth 3 -name ".git"` and inspects repository metadata across up to 10 repos. In the context of a desktop-widget management skill, this is overbroad data access that can expose private project names, activity patterns, and current branch names without a clear need tied to the stated capability.

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The widget executes an external network request to wttr.in every refresh cycle, which is outside the stated skill purpose of managing Übersicht widgets and introduces undisclosed data flow to a third party. Even though the request is not overtly malicious and does not interpolate user input, it expands the skill's trust boundary and can expose the user's IP address and usage patterns without clear necessity in this skill context.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The command performs outbound network access via curl to a third-party service without that behavior being justified by the declared widget-management functionality. In an agent skill, unnecessary network access is risky because it can be repurposed for tracking, covert exfiltration, or future abuse, and here it is not aligned with the advertised capability.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation includes destructive operations such as deleting widget files without any requirement for confirmation, backup, or safety checks. In a skill that may be invoked automatically from natural-language requests, this omission raises the risk of accidental data loss or deletion of the wrong file.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code silently reads local repository information and surfaces derived metadata such as top repo and current branch, but there is no visible warning or consent mechanism in this file. Even though it does not exfiltrate data off-host here, silently collecting local development metadata is privacy-invasive and riskier because the skill's declared purpose would not lead users to expect this behavior.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The widget silently contacts wttr.in to retrieve weather data, giving the third party the user's IP address and implicit timing/location-related metadata without any disclosure in the skill description or UI. While this looks more like an undeclared privacy issue than active exploitation, the lack of transparency makes the behavior unsafe in a security-sensitive review context.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```
~/Library/Application\ Support/Übersicht/widgets/{name}.jsx

# Delete a widget
rm ~/Library/Application\ Support/Übersicht/widgets/{name}.jsx
```

Prefer the `scripts/` helpers for host operations. Only write raw widget files directly when creating or replacing actual JSX content.
Confidence
92% confidence
Finding
rm ~/Library/Application\ Support/Übersicht/widgets/

VirusTotal

64/64 vendors flagged this skill as clean.
