Auto Repair Agent

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local troubleshooting helper, but its watch mode can run user-supplied shell commands.

Install only if you are comfortable with a Node.js helper that can execute local commands when you explicitly use watch mode. Avoid passing untrusted text as a command, review any learned patterns, and do not include secrets or sensitive logs in patterns you ask it to store.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill advertises capabilities that imply network access and command execution, but it does not declare permissions or trust boundaries. Undeclared capabilities make it harder for users and hosting platforms to assess risk, and can lead to silent exposure of networked behavior or command-driven side effects during use.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The description frames the skill as workflow repair, but the documented behavior includes arbitrary shell command execution, persistence of learned patterns, and broader operational features not clearly disclosed as sensitive actions. This mismatch can mislead users into invoking a tool with much greater authority than expected, increasing the risk of command injection, unsafe execution, or unauthorized state changes.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Using a broad trigger like 'debug' can cause the skill to activate in many unrelated contexts, increasing the chance that sensitive logs, commands, or repair actions are invoked unintentionally. For a skill with self-healing and execution semantics, accidental activation materially raises the risk surface.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation phrase 'heal this error' is vague and lacks constraints on what data, commands, or environment the skill may inspect or modify. In a self-repair context, ambiguous activation can lead to overbroad diagnosis, unintended command suggestions, or automatic actions beyond the user's intent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
`cmdWatch` passes user-controlled input directly into `execSync(command, ...)`, which invokes a shell and interprets metacharacters. In an agent context, this is dangerous because any upstream prompt, workflow value, or untrusted input reaching watch mode can lead to arbitrary command execution under the agent's privileges.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
2. **Root Cause Diagnosis** — Matches against known fix pattern database
3. **Auto-Fix Application** — Applies fixes when confidence ≥ 85%
4. **Pattern Learning** — Learns new patterns from user corrections
5. **Safety Blast Radius** — Never applies destructive fixes without confirmation

---
Confidence
91% confidence
Finding
without confirmation

VirusTotal

66/66 vendors flagged this skill as clean.
