filesystem-1.0.2

Security checks across malware telemetry and agentic risk

Overview

This filesystem skill matches its stated purpose, but the package is incomplete while requesting broad local file access, so its safety controls cannot be verified.

Install only if you can inspect the actual filesystem executable from a trusted source, or the publisher provides a complete package. If you do use it, restrict operations to specific project folders, require explicit confirmation for copy/overwrite actions, run in dry-run mode before applying any change, and do not grant autonomous access to home directories, credential stores, or system paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding
The configuration claims to constrain operations via an allowlist, but it includes "copy" without modeling write semantics explicitly. A copy operation inherently creates or overwrites a file at the destination, so a consumer that interprets the policy as read/analyze-only could permit unintended filesystem modification despite the apparent safety restrictions.

Intent-Code Divergence

Severity: Medium
Confidence: 84%
Finding
The safety section signals a protected-path model, but allowing "copy" weakens that model because it enables creation of new files outside the intended read/analyze boundary. Even if system paths are blocked as destinations, copy can still be abused to place sensitive data (read from an unrestricted source path) or untrusted content into other writable locations, undermining the stated safety posture.
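The two findings above (and the overview's advice to limit operations to project folders, confirm copy/overwrite actions, and dry-run first) describe a policy gap that is easiest to see in code. The block below is an added example, not code from the filesystem skill or from the SkillSpector report: a small path-policy evaluator that derives read/write effects from the operation class, requires every operand, source included, to sit inside an allowed root and outside a protected root, and refuses any write until the caller confirms. The naive checker beside it is the weak model the findings describe. The operation names, the protected roots and the /home/user/project root are assumptions chosen for the example.

```python
import os
from dataclasses import dataclass

# Side effects per operation class (assumed names for the example). A naive
# allowlist that lumps "copy" in with read/analyze operations misses that it
# writes at the destination.
OPERATION_EFFECTS = {
    "list":   {"src": "read"},
    "read":   {"src": "read"},
    "search": {"src": "read"},
    "copy":   {"src": "read", "dst": "write"},
    "move":   {"src": "write", "dst": "write"},
    "write":  {"dst": "write"},
}

# Hypothetical protected roots; a real policy would load these from config.
PROTECTED_ROOTS = ("/etc", "/usr", "/bin", "/var", "/root", "/proc", "/sys")


@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_confirmation: bool = False
    writes: tuple = ()  # resolved paths that would be created/overwritten (dry-run view)


def resolve(path, cwd):
    """Make the path absolute and collapse '..' without touching the disk."""
    return os.path.normpath(os.path.join(cwd, path))


def inside(path, root):
    root = os.path.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


def naive_check(op, src=None, dst=None, cwd="/home/user"):
    """The weak model: op is allowlisted and dst is not a protected path.
    The source path is never examined, so copy can read anything."""
    if op not in OPERATION_EFFECTS:
        return False
    if dst is not None and any(inside(resolve(dst, cwd), r) for r in PROTECTED_ROOTS):
        return False
    return True


def evaluate(op, allowed_roots, src=None, dst=None, cwd="/home/user", confirm=False):
    """Hardened model: every operand must lie inside an allowed root and outside
    a protected root; write effects are derived from the op, and any write
    is refused until the caller confirms. The returned Decision lists the
    paths that would be written, which doubles as the dry-run report."""
    effects = OPERATION_EFFECTS.get(op)
    if effects is None:
        return Decision(False, f"operation {op!r} is not allowlisted")
    operands = {"src": src, "dst": dst}
    writes = []
    for role, effect in effects.items():
        if operands[role] is None:
            return Decision(False, f"{op} requires a {role} path")
        path = resolve(operands[role], cwd)
        if not any(inside(path, r) for r in allowed_roots):
            return Decision(False, f"{role} {path} is outside the allowed roots")
        if any(inside(path, r) for r in PROTECTED_ROOTS):
            return Decision(False, f"{role} {path} is under a protected root")
        if effect == "write":
            writes.append(path)
    if writes and not confirm:
        return Decision(False, f"{op} would write {', '.join(writes)}; confirm first",
                        needs_confirmation=True, writes=tuple(writes))
    return Decision(True, "ok", needs_confirmation=bool(writes), writes=tuple(writes))


if __name__ == "__main__":
    roots = ("/home/user/project",)
    # The naive policy lets copy stage /etc/shadow into a writable project file.
    print(naive_check("copy", src="/etc/shadow", dst="/home/user/project/notes.txt"))
    # The hardened policy rejects it because the source is outside the allowed roots.
    print(evaluate("copy", roots, src="/etc/shadow", dst="/home/user/project/notes.txt"))
```

The key design choice is that the source operand is checked against the same allowed roots as the destination: blocking system paths only as destinations, as the finding notes, still lets a copy read sensitive files and drop them somewhere writable. Path traversal via `..` is collapsed before any check, so a relative path such as `project/../../../etc/passwd` is judged by where it actually lands.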

Missing User Warnings

Severity: Medium
Confidence: 75%
Finding
The README promotes content search and filesystem analysis features, including examples targeting locations such as /var/log and /tmp, without clearly warning that these operations may expose sensitive data or touch high-risk system paths. In an agent setting, missing safety guidance increases the chance of overscoped searches, accidental collection of secrets, or analysis of protected directories.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The package description advertises broad "advanced filesystem operations", including listing, searching, batch processing, and analysis, without any visible constraint on scope, target paths, or allowed operation classes. In an agent skill, vague capability framing enables overbroad invocation and makes it easier for an LLM-driven agent to apply the tool to sensitive files or large directory trees in ways the user did not specifically intend.

VirusTotal

0/65 vendors flagged this skill as malicious; all 65 reported it clean. A clean antivirus verdict only means the scanned files matched no known malware signatures; it does not address the policy and prompt-injection findings above.
