digital gov consultant

Security checks across malware telemetry and agentic risk

Overview

This skill is an advisory digital-government helper with an optional, disclosed document-generation script that sends user-provided text to a third-party service.

Use the advisory content freely, but treat the optional generator as an external upload. Do not submit confidential procurement plans, internal architecture, real names, ID numbers, or sensitive operational details unless you trust digital.somebody.icu and its retention practices. Inspect the exact script path and destination before running the command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 86%
Finding
The skill exposes effective file-read, shell, and network capabilities via documented script execution, but does not declare permissions or clearly scope those capabilities. This weakens user consent and review, and in this context is especially risky because the same skill encourages sending user-supplied government project content to an external domain.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The documented purpose is advisory/consulting, but the behavior includes external submission of user text, support for custom base URLs, proxying, and subprocess-based network execution. That mismatch can conceal data exfiltration paths and makes the skill materially more dangerous because users may share sensitive government planning or operational information believing they are only receiving local guidance.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The skill is framed as a consultant but instructs users to run a script that sends their requirement text to a third-party service for document generation. In this domain, requirement text may contain internal government workflow details, procurement intent, or sensitive operational needs, so the external transfer creates a meaningful confidentiality and supply-chain risk.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The skill is presented as a consulting assistant, but this script transmits user-supplied requirement text to an external domain. That creates a data handling and transparency issue because potentially sensitive government project content may leave the local environment without clear disclosure or consent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding
The WSL-specific use of curl.exe introduces an unnecessary execution path through an external program for a skill whose stated purpose is document and application guidance. This increases attack surface, complicates auditing, and may route data through unexpected system/network configurations on the Windows host.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
User-provided requirement text is submitted over the network with no user-facing warning in the code path. In the context of digital government consulting, those requirements may contain procurement plans, architecture details, internal workflows, or other sensitive information, making undisclosed exfiltration materially risky.

VirusTotal

65/65 vendors flagged this skill as clean.
