Novita Sandbox

Security checks across malware telemetry and agentic risk

Overview

This sandbox skill is mostly disclosed, but it needs Review because its helper can upload from and download to arbitrary local file paths despite describing itself as not for local file access.

Install only if you are comfortable with a cloud sandbox helper that can run remote commands, use your Novita API key, upload selected local files, and write downloaded files back to local paths. Avoid uploading secrets, download only to explicit safe locations, and kill sandboxes after sensitive work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

High
98% confidence
Finding
The skill metadata explicitly says it is not for reading or writing local user files, but the implementation includes upload and download commands that read arbitrary local paths and write arbitrary local destinations. In an agent setting, this creates a capability mismatch that can be exploited to exfiltrate sensitive host files into the sandbox or overwrite local files on the host, defeating the stated safety boundary.

Context-Inappropriate Capability

High
96% confidence
Finding
Arbitrary local filesystem access is unnecessary for a tool whose stated purpose is remote sandbox execution and browsing, and it materially expands the attack surface from remote isolation to host file access. An attacker who can influence tool arguments could use these commands to read secrets from the local machine or persist malicious artifacts by writing to local paths.

VirusTotal

65/65 vendors flagged this skill as clean.