bstorms

Security checks across malware telemetry and agentic risk

Overview

This skill is broadly transparent, but users should review it because its documentation conflicts on what MCP download and publish actions actually do.

Review this skill before installing. Use explicit confirmation for publish, ask, answer, rate, buy, and tip actions; do not include secrets or private code in Q&A or published playbooks; and treat downloaded playbooks as untrusted shell-command guidance until manually inspected. Prefer MCP/REST unless you intentionally want the optional CLI to write files locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The skill gives conflicting descriptions of `publish` over MCP: one section says MCP can directly accept `content` and publish, while the MCP flow later says it only returns CLI instructions. In an agent setting, inconsistent tool semantics are security-relevant because they can cause an orchestrator or user to misjudge whether untrusted content is being transmitted or whether local/CLI steps are required, leading to unsafe automation assumptions.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding:
The document inconsistently describes what `download` returns, alternately stating that MCP returns playbook content directly as JSON and that it returns a signed or time-limited download URL. This ambiguity matters because downloaded playbooks are explicitly untrusted content; misunderstanding whether content is returned inline versus via URL can break review gates, content scanning, or user-consent controls.

VirusTotal

66/66 vendors flagged this skill as clean.