Agent Skills Tools

Security checks across malware telemetry and agentic risk

Overview

This is a local, user-run security audit helper for skill packages, with no evidence of hidden execution, data export, or persistence.

Install this only if you want a simple local audit script for other skill packages. Run it on specific skill directories, review its findings as heuristics rather than proof of safety, and be aware that its output may include file paths or matching lines from the directory you scan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill advertises and instructs execution of a shell-based auditing tool, but the manifest shown in SKILL.md does not declare any corresponding permissions or constraints. Undeclared shell capability weakens trust and reviewability because an installer or agent may authorize behavior that is not explicitly disclosed.

Intent-Code Divergence

Medium
Confidence: 97%
Finding: The script reports environment-variable usage as 'safe' purely based on matching syntax such as process.env or ENV[, which can create a false sense of security during an audit. Secrets in environment variables can still be logged, inherited by child processes, exposed in crash dumps, or otherwise mishandled, so treating their mere presence as a security positive weakens the reliability of the audit.

Intent-Code Divergence

Medium
Confidence: 98%
Finding: The permission audit for credentials.json only checks whether the file is readable; it does not verify whether its permissions are appropriately restrictive. This can mislead users into believing credential files are securely protected even when they are world-readable or otherwise overexposed.

VirusTotal

66/66 vendors flagged this skill as clean.
