nmap MCP server for AI-assisted network security auditing

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed nmap-based network scanning skill with real dual-use power, but its sensitive behavior matches its stated security-auditing purpose.

Install only if you intend to let an agent run nmap on networks you are authorized to test. Before use, narrow config.yaml to the exact approved CIDRs, protect or periodically delete audit.log and scans/*.json, and be careful with setcap because it grants the nmap binary raw-socket capability for local users.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation describes capabilities that enable environment variable use, file reads/writes, and shell execution, but no explicit permission declaration is present. In an agent skill ecosystem, this creates a trust and governance gap: consumers may invoke a highly privileged skill without clear consent boundaries, and shell-backed network scanning materially increases misuse risk even if the stated purpose is legitimate.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The README encourages broad natural-language requests like 'scan ... for open ports' and 'run a full recon' without pairing them with strong authorization, confirmation, or scope-validation guidance at the invocation point. In an agent setting, this can increase the chance of the tool being triggered from ambiguous user prompts or on targets the user is not actually authorized to scan, especially because the skill is explicitly designed for autonomous tool selection.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises scan persistence and audit logging but does not clearly warn that stored scan results, host inventories, service versions, and vulnerability findings may contain sensitive security data. If these files are retained indefinitely or stored in insecure locations, they can become a valuable source of reconnaissance for an attacker or create compliance/privacy issues for defenders.

VirusTotal

66/66 vendors flagged this skill as clean.