Sopaper Evidence

Security checks across malware telemetry and agentic risk

Overview

This is a research helper that openly searches and fetches public evidence sources, with no artifact-backed sign of hidden persistence, credential use, or destructive behavior.

Install only if you are comfortable with a research skill that can send search terms and URLs to public services and can read local files or result directories you point it at. Do not use confidential project names, private research topics, or broad home-directory paths unless that disclosure and local indexing are acceptable for your workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises and references multiple helper scripts with network, shell, file-read, and file-write capabilities, but it does not declare any permissions or capability boundaries. That mismatch can cause an execution environment or reviewer to underestimate the skill's actual access, increasing the risk of unintended file modification, command execution, or external data exfiltration if the scripts are invoked.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script sends user-supplied topic and query text to third-party services (OpenAlex and GitHub, and potentially DuckDuckGo via a helper) without any consent prompt, warning, or redaction step. In an evidence-gathering skill, users may include confidential project names, internal codenames, or sensitive research topics, so silent outbound transmission creates a real privacy and data-handling risk even though the network behavior is part of the feature.

External Transmission

Medium
Category
Data Exfiltration
Content
def search_openalex(query: str) -> list[dict[str, str]]:
    url = "https://api.openalex.org/works?" + urlencode(
        {
            "search": query,
            "per-page": 8,
Confidence
96% confidence
Finding
https://api.openalex.org/

External Transmission

Medium
Category
Data Exfiltration
Content
def search_github_repositories(query: str) -> list[dict[str, str]]:
    url = "https://api.github.com/search/repositories?" + urlencode(
        {
            "q": query,
            "sort": "stars",
Confidence
96% confidence
Finding
https://api.github.com/

VirusTotal

64/64 vendors flagged this skill as clean.
