skills-security-scanner

Security checks across malware telemetry and agentic risk

Overview

This security scanner is purpose-aligned, but it can package and upload entire local skill directories to a remote cloud API, authenticating with credentials read from the environment, while describing the service as local.

Review this before installing. Only use it if you are comfortable sending the selected skill directory or archive to the configured scanning endpoint. Do not point it at broad or sensitive paths, verify exactly which endpoint is configured, and use narrowly scoped credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
This script does not perform a purely local audit; it packages the provided skill and uploads it to an external scanning API for analysis. That creates a real data-exfiltration/privacy risk because source code, embedded secrets, and other local files may leave the host, which is more dangerous given the skill description suggests a security-audit tool rather than a remote upload client.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
The script reads cloud access keys, secret keys, session tokens, and user identifiers from environment variables to authenticate outbound requests. While using env vars for configuration is common, in this context the capability exceeds the expected scope of a simple local security scanner and enables authenticated transmission of local artifacts to remote infrastructure.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The code uploads local files or directories to a remote service without any user-facing warning, confirmation, or disclosure in the execution path. This is dangerous because operators may assume the tool only inspects code locally and unknowingly transmit proprietary code or secrets off-host.

VirusTotal

64/64 vendors reported this skill as clean.
