Stdio Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a local inbox/outbox file dropbox whose file access is confined to its own stdio folders, with a small documentation/privacy caveat around delete operations and absolute-path reporting.

Install only if you want an agent-accessible local file dropbox. Put only files intended for agent handling in the stdio folders, treat overwrite/delete operations as destructive within those folders, and avoid sharing `stdio_paths` output if absolute local paths are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 92%
Finding
The skill description presents a narrow inbox/outbox bridge, but the documented behavior exposes broader file-management capabilities including deletion, arbitrary reads/writes within the managed boxes, directory enumeration, and disclosure of resolved absolute paths. This mismatch is dangerous because downstream agents or users may trust the safer description and invoke a tool that has materially greater capability than advertised, increasing the chance of unintended file tampering, data exposure, or misuse.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The `stdio_paths` tool returns `root: ROOT` in addition to the inbox/outbox/tmp paths, disclosing the resolved repository root on disk. That exceeds the skill’s stated dropbox purpose and reveals unnecessary host filesystem layout information that can aid later targeting, path guessing, or chaining with other tools/components.

VirusTotal

65/65 vendors flagged this skill as clean.
