Gateway Keeper

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real gateway watchdog, but it installs recurring background automation and changes future agent recovery behavior without enough user control.

Install only if you intentionally want continuous gateway monitoring. Review the exact cron entry and HEARTBEAT.md block before use, remove both when no longer needed, and do not use the documented Windows admin PowerShell commands unless the missing PowerShell scripts are provided and reviewed. Recovered sessions should ask for fresh approval before retrying file, deployment, account, or external-service changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The documented behavior overstates platform support and automation while understating side effects such as modifying HEARTBEAT.md. This can mislead operators into running install scripts with elevated privileges under false assumptions, causing unintended persistence changes, workflow tampering, or unreliable recovery behavior because the actual implementation differs from what was advertised.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The installer makes persistent user-environment changes by overwriting the user's crontab entry set and appending operational instructions to HEARTBEAT.md without any prior disclosure, confirmation, or dry-run mode. This is dangerous because it establishes recurring execution and modifies workflow/state files in a way the user may not notice, which increases the risk of unauthorized persistence, accidental disruption of existing cron configuration, and trust-boundary violations in an agent skill installer.

VirusTotal

66/66 vendors flagged this skill as clean.
