Jq Hardened

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only jq helper with disclosed safety guardrails, though its supplemental safety examples contain mistakes users should not copy blindly.

Install only if you want a lightweight jq reference with safety reminders. Treat SAFETY.md as imperfect evaluation documentation: follow the main guardrails, avoid copying its xargs/sh example, and do not use its curl examples to transmit secrets from local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Severity: Medium (98% confidence)
Finding:
The safety guidance presents `xargs -I {} sh -c 'echo "Hello {}"'` as a safe fix even though the document itself later acknowledges this remains injectable because xargs interpolates `{}` before the shell runs. In a safety file for a hardened jq skill, documenting an unsafe pattern as a recommended defense is especially dangerous because users and downstream agents may copy it as trusted remediation.

Intent-Code Divergence

Severity: High (99% confidence)
Finding:
The purported "secure alternatives" in the PASS section still instruct the user to extract an API key from `secrets.json` and transmit it over the network via `curl` headers or body. That directly contradicts the stated guardrail of never piping or sending credentials to network-transmitting commands, weakening the protection and normalizing exfiltration.

Natural-Language Policy Violations

Severity: High (99% confidence)
Finding:
The documented PASS example undermines its own refusal by offering follow-on commands that still place the API key into a network request. This creates a confused-deputy problem: the text appears safety-compliant at first glance but still enables the prohibited behavior through "alternatives."

VirusTotal

64/64 vendors flagged this skill as clean.
