Activity Control Ui

Security checks across malware telemetry and agentic risk

Overview

This appears to be a dashboard skill, but its local server exposes control and file access in ways that need review before installation.

Install only if you are comfortable running a local server from this skill. Bind it to localhost, avoid exposing it through tunnels or LAN interfaces, require a strong unguessable token for any control action, and review or restrict the static file handler before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 93%
Finding
The skill is presented mainly as a visual dashboard, but the documented behavior includes running an HTTP/WebSocket server, exposing an API, accepting inbound client messages, and allowing a client-triggered compact action. Those behaviors expand the attack surface significantly: local services can be abused by other local processes, browser-origin requests, or unintended network exposure if bound insecurely.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The HTTP handler uses req.url directly and joins it with the skill directory, then serves whatever file resolves there. This exposes any file under the skill directory to anyone who can reach the server, not just intended UI assets, which can leak source code, configuration, prompts, or other sensitive local files packaged with the skill; depending on path normalization behavior, it may also enable traversal outside the intended assets area.

VirusTotal

63/63 vendors flagged this skill as clean.
