Kiro

Security checks across malware telemetry and agentic risk

Overview

This is a Kiro workflow guide. Its hook and MCP examples are powerful; they are disclosed and user-configured, but they should be copied with care.

Install only if you want Kiro workflow guidance. Before copying examples, restrict MCP allowedPaths, use project-specific least-privilege tokens, avoid production deploy hooks unless protected by approvals, and do not enable hooks that delete files or send external webhooks without validating paths, payloads, and secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 88%
Finding
The MCP example shows external-tool integration and use of a GitHub token, plus filesystem access to an allowed path, but does not prominently warn users about the security implications of connecting external servers or scoping credentials. In an agentic IDE context, this matters because MCP integrations can expand data access and tool execution, increasing the blast radius if configured too broadly or used with overprivileged tokens.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation includes a hook that automatically deletes a file via `rm {{test_file}}` when a source file is deleted, but it does not warn users that the example performs destructive filesystem actions. In a skill focused on IDE workflow automation, readers may copy this pattern directly into active hooks, creating unintended file loss or abuse if variables resolve unexpectedly or are manipulated.

Missing User Warnings

Medium
Confidence: 94%
Finding
The example shows automatic production deployment on `git.push` to `main` using `vercel --prod` without any warning about the operational impact. In the context of an agentic IDE workflow guide, this is risky because users may enable deployment-by-push without approval gates, causing accidental or unauthorized production changes.

Missing User Warnings

Medium
Confidence: 92%
Finding
The example sends a POST request to `$SLACK_WEBHOOK` on push without explaining that it transmits data to an external service or warning about secret handling. In this skill's automation context, users may reuse the snippet without considering privacy, token exposure, outbound network policy, or what repository metadata may be sent.

VirusTotal

65/65 vendors flagged this skill as clean.
