Open Cve Scanner Repo

Security checks across malware telemetry and agentic risk

Overview

This is a vulnerability-scanning skill that reads user-supplied package or dependency data, queries public advisory services, and generates reports, with some disclosure and accuracy caveats.

Install only if you are comfortable sending package names, versions, and dependency inventory metadata to NVD, OSV.dev, GitHub, and package registries. Treat scan results as advisory, especially for older CVEs or products with incomplete version metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding: The skill documentation indicates capabilities to read files, write outputs, access environment variables, invoke shell commands, and make network requests, but it declares no explicit permissions. This creates a transparency and governance gap: users and the platform cannot reliably assess or constrain what sensitive data may be accessed or transmitted during scanning, especially when dependency files and API tokens are involved.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding: The documented purpose is limited to open-source package vulnerability lookup, but the code exhibits materially broader behavior, such as CPE-based scanning of general software and operating systems, plus dynamic learning of package-ecosystem mappings at runtime. This mismatch undermines informed consent and can cause users to expose additional environment, software inventory, or system metadata to external services beyond the stated scope.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding: The code silently excludes CVEs older than 2020 when version metadata is missing, even though those CVEs may still affect the user's deployed version. In a security scanning skill, this creates false negatives and can cause the tool to underreport real vulnerabilities, which is dangerous because users may incorrectly believe a package is safe.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding: The function is documented as deciding whether a version is affected, but its result can be driven by CVE publication year rather than actual version impact when structured version data is absent. That mismatch can mislead downstream logic and users into treating the result as authoritative, increasing the chance of incorrect security decisions.
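The two findings above describe one defect from two angles: when an advisory carries no structured version range, the affected-version decision falls back on publication year. The following is an added example, not code from the Open Cve Scanner Repo skill, written to show that fallback next to a hardened form that returns a tri-state verdict instead of a yes/no answer. The Advisory dataclass, the dotted-numeric version parser, the EXAMPLE-* identifiers and the sample records are all constructed for illustration; none of them are the skill's schema or real CVEs.

```python
from dataclasses import dataclass
from typing import Optional


# Constructed advisory record; the field layout is an assumption for this
# example, not the skill's own data model, and the IDs are placeholders.
@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    published_year: int
    introduced: Optional[str] = None  # first affected version, when the advisory has it
    fixed: Optional[str] = None       # first fixed version, when the advisory has it

    def has_version_data(self) -> bool:
        return self.introduced is not None or self.fixed is not None


def parse_version(version: str) -> tuple:
    """Dotted numeric versions only (e.g. "1.4.2"); enough for this comparison."""
    return tuple(int(part) for part in version.split("."))


def version_in_range(version: str, introduced: Optional[str], fixed: Optional[str]) -> bool:
    """True when introduced <= version < fixed, with either bound optional."""
    v = parse_version(version)
    if introduced is not None and v < parse_version(introduced):
        return False
    if fixed is not None and v >= parse_version(fixed):
        return False
    return True


def is_affected_original(advisory: Advisory, version: str) -> bool:
    """The behaviour the findings describe: with no version data the verdict is
    driven by publication year. Pre-2020 advisories are silently dropped and
    post-2020 ones are flagged whatever the deployed version is."""
    if not advisory.has_version_data():
        return advisory.published_year >= 2020
    return version_in_range(version, advisory.introduced, advisory.fixed)


AFFECTED, NOT_AFFECTED, UNKNOWN = "affected", "not_affected", "unknown"


def assess(advisory: Advisory, version: str) -> str:
    """Hardened form: a tri-state verdict. Missing version data is never
    collapsed into yes/no; it is surfaced as UNKNOWN for the user to judge."""
    if not advisory.has_version_data():
        return UNKNOWN
    if version_in_range(version, advisory.introduced, advisory.fixed):
        return AFFECTED
    return NOT_AFFECTED


def scan(advisories, version: str) -> dict:
    """Group advisory IDs by verdict so unknowns stay visible in the report
    instead of vanishing from it as false negatives."""
    report = {AFFECTED: [], NOT_AFFECTED: [], UNKNOWN: []}
    for adv in advisories:
        report[assess(adv, version)].append(adv.advisory_id)
    return report


# Constructed sample set: two advisories without version data on either side
# of the 2020 cut-off, one with a full range, one with only a lower bound.
SAMPLE_ADVISORIES = [
    Advisory("EXAMPLE-2019-0001", 2019),
    Advisory("EXAMPLE-2021-0002", 2021),
    Advisory("EXAMPLE-2018-0003", 2018, introduced="1.0.0", fixed="1.4.2"),
    Advisory("EXAMPLE-2022-0004", 2022, introduced="2.0.0"),
]

if __name__ == "__main__":
    deployed = "1.3.0"
    for adv in SAMPLE_ADVISORIES:
        print(adv.advisory_id, is_affected_original(adv, deployed), assess(adv, deployed))
    print(scan(SAMPLE_ADVISORIES, deployed))
```

Run against version 1.3.0, the original logic drops EXAMPLE-2019-0001 outright and flags EXAMPLE-2021-0002 without ever looking at the version, while the hardened scan reports both as unknown and leaves only the range-backed advisories in the affected and not-affected buckets. A report consumer can then treat the unknown bucket as "manual review", which is the behaviour a user of a scanner expects.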

Vague Triggers

Severity: Medium
Confidence: 78%
Finding: The trigger keywords are broad generic security terms, making accidental invocation likely during unrelated security discussions. In a skill that can read files and contact external vulnerability sources, overbroad triggering increases the chance of unintended analysis, file handling, or data disclosure without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill supports uploading dependency files for batch analysis but does not clearly warn users that file contents or extracted package metadata may be transmitted to external services such as NVD, OSV.dev, or GitHub Advisory. This is a data-handling transparency issue that can expose proprietary dependency inventories, internal package names, or token-associated requests without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The script executes a constructed shell command using eval, which causes the shell to re-parse the string and greatly increases command injection risk if any part of that string ever becomes variable or externally influenced. In this file the current test cases are hardcoded, so immediate exploitability is limited, but using eval in a reusable test helper is still unsafe because future modifications or parameterization could turn this into arbitrary command execution.
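The finding concerns a shell test helper that runs an assembled command string through eval. The following is an added example, not the script's own code, that shows the same re-parsing hazard through Python's subprocess module: shell=True hands the string to /bin/sh -c, which re-parses it exactly as eval does, while the argument-vector form never involves a shell. The PAYLOAD value and the demo functions are constructed for illustration; treating subprocess as a stand-in for the shell helper is an assumption made here.

```python
import shlex
import subprocess

# Constructed "package name" carrying a shell metacharacter payload. In a real
# harness this is the kind of value that arrives once test cases are parameterised.
PAYLOAD = "lodash; echo INJECTED"


def run_case_unsafe(command: str) -> str:
    """Counterpart of `eval "$cmd"`: shell=True passes the string to /bin/sh -c,
    which re-parses it, so metacharacters inside the data become shell syntax."""
    return subprocess.run(command, shell=True, capture_output=True,
                          text=True, check=True).stdout


def run_case_safe(argv: list) -> str:
    """No shell in the path: each argv element reaches the program as exactly
    one argument, whatever characters it contains."""
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def unsafe_demo() -> list:
    """Command built by string interpolation and re-parsed: the payload runs."""
    return run_case_unsafe(f"echo {PAYLOAD}").splitlines()


def safe_demo() -> list:
    """Argument vector: the payload is printed verbatim and never executed."""
    return run_case_safe(["echo", PAYLOAD]).splitlines()


def quoted_demo() -> list:
    """If a string interface truly cannot be avoided, quote every argument with
    shlex.join before the shell sees it; each argument becomes a single word."""
    return run_case_unsafe(shlex.join(["echo", PAYLOAD])).splitlines()


if __name__ == "__main__":
    print("unsafe :", unsafe_demo())   # second line "INJECTED" proves execution
    print("safe   :", safe_demo())
    print("quoted :", quoted_demo())
```

The unsafe path prints two lines because the shell splits the string at the semicolon and runs the second command; the safe and quoted paths print the payload as one literal line. The argument-vector form is the fix to prefer in a reusable helper, since it removes the shell from the path entirely rather than relying on every caller remembering to quote.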

VirusTotal

65 of 65 vendors reported this skill as clean.
