Safe File Editor (安全文件编辑器)

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it should be reviewed: it can edit any writable file, and the confirmation safeguard its documentation promises is not enforced by the code.

Review before installing. Use it only on user-approved paths, run it with dry_run first, inspect the proposed change yourself, and do not assume the Python API enforces human approval, because the documented confirmation gate is never checked. Avoid using it on secrets, system files, or production data unless you have separate backups and explicit control over the target path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
The module advertises a four-eyes/secondary-confirmation safety model, but `require_confirmation` is never enforced and `safe_edit(..., dry_run=False)` performs immediate writes. In an agent setting, this creates a misleading trust boundary: callers may rely on documented approval gates that do not actually exist, enabling unintended or unauthorized file modification.

Intent-Code Divergence

Severity: Low
Confidence: 97%
Finding
The module advertises a four-eyes/secondary-confirmation safety model, but `require_confirmation` is never enforced and `safe_edit(..., dry_run=False)` performs immediate writes. In an agent setting, this creates a misleading trust boundary: callers may rely on documented approval gates that do not actually exist, enabling unintended or unauthorized file modification.
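The divergence that both Intent-Code Divergence findings describe, as an added example. The skill's own source is not reproduced on this page, so the function bodies below are a hypothetical reconstruction of the pattern, not the project's code: `safe_edit_advertised` accepts the `require_confirmation` parameter the finding names and never reads it, so `dry_run=False` writes immediately; `safe_edit_enforced` is the shape the documentation promises, where a confirmation callback must approve the diff, the path must resolve under an approved root, and a backup is taken before the write. The `confirm` and `allowed_root` parameters, the file names and the sample contents are constructed for this example.

```python
"""Added example, not the skill's code: a documented-but-unenforced
confirmation gate next to a version that enforces it."""
import difflib
import tempfile
from pathlib import Path
from typing import Callable, Tuple


def unified_diff(path: Path, new_text: str) -> str:
    """Diff of the file's current contents against the proposed contents."""
    old = path.read_text().splitlines(keepends=True)
    new = new_text.splitlines(keepends=True)
    return "".join(difflib.unified_diff(old, new, str(path), str(path) + " (proposed)"))


def safe_edit_advertised(path: Path, new_text: str, *, dry_run: bool = True,
                         require_confirmation: bool = True) -> str:
    """The divergence in the finding (hypothetical reconstruction): the
    parameter is accepted and documented, but nothing reads it.  With
    dry_run=False the write happens at once, whatever the caller asked for."""
    diff = unified_diff(path, new_text)
    if dry_run:
        return diff
    path.write_text(new_text)  # no gate, no backup, no path restriction
    return diff


def safe_edit_enforced(path: Path, new_text: str, *, confirm: Callable[[str], bool],
                       allowed_root: Path, dry_run: bool = True) -> Tuple[str, bool]:
    """Same interface with the gate enforced.  Returns (diff, wrote).
    `confirm` sees the diff and must return True before any write; the target
    must resolve under `allowed_root`; the old contents are backed up first."""
    resolved, root = path.resolve(), allowed_root.resolve()
    if resolved != root and root not in resolved.parents:
        raise PermissionError(f"{path} is outside the approved root {allowed_root}")
    diff = unified_diff(resolved, new_text)
    if dry_run or not diff or not confirm(diff):
        return diff, False
    backup = resolved.with_suffix(resolved.suffix + ".bak")
    backup.write_bytes(resolved.read_bytes())
    resolved.write_text(new_text)
    return diff, True


def demo() -> dict:
    """Exercise both variants against a constructed sample file and report
    which ones wrote.  A reviewer who always denies is the key test: the
    advertised variant writes anyway, the enforced one does not."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        target = root / "config.ini"          # constructed sample file
        original, proposed = "debug = false\n", "debug = true\n"
        target.write_text(original)

        def deny(_diff: str) -> bool:
            return False

        def approve(diff: str) -> bool:
            return "+debug = true" in diff     # reviewer inspects the diff

        # 1. Advertised gate requested, no reviewer involved: written anyway.
        safe_edit_advertised(target, proposed, dry_run=False, require_confirmation=True)
        advertised_wrote = target.read_text() == proposed

        # 2. Enforced, dry run: the diff is returned, the file is untouched.
        target.write_text(original)
        diff, wrote = safe_edit_enforced(target, proposed, confirm=deny,
                                         allowed_root=root, dry_run=True)
        dry_run_wrote = wrote or target.read_text() != original

        # 3. Enforced, real run, reviewer denies: still untouched.
        _, wrote = safe_edit_enforced(target, proposed, confirm=deny,
                                      allowed_root=root, dry_run=False)
        denied_wrote = wrote or target.read_text() != original

        # 4. Enforced, reviewer approves: written, old contents preserved.
        _, wrote = safe_edit_enforced(target, proposed, confirm=approve,
                                      allowed_root=root, dry_run=False)
        approved_wrote = wrote and target.read_text() == proposed
        backup_ok = (root / "config.ini.bak").read_text() == original

        # 5. Target outside the approved root is refused before any read or write.
        try:
            safe_edit_enforced(root.parent / "not-approved.txt", proposed,
                               confirm=approve, allowed_root=root, dry_run=False)
            outside_refused = False
        except PermissionError:
            outside_refused = True

        return {
            "advertised_wrote_despite_gate": advertised_wrote,
            "dry_run_diff_shows_change": "+debug = true" in diff,
            "dry_run_wrote": dry_run_wrote,
            "denied_wrote": denied_wrote,
            "approved_wrote": approved_wrote,
            "backup_matches_original": backup_ok,
            "outside_root_refused": outside_refused,
        }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The test a reviewer wants before trusting a skill like this is case 1: call the write path with the confirmation flag set and no way for a human to answer, and see whether the file changes. A parameter that is accepted but never read is invisible in the documentation and only shows up when exercised, which is why the page's advice to run dry_run first and inspect the diff yourself stands regardless of what the skill's README claims.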

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The skill advertises itself for "any operation that needs to modify a file" ("任何需要修改文件的操作"), an overly broad activation scope for a high-impact capability. Even though the document describes safety measures such as dry-run and backups, a broad trigger increases the chance that the agent invokes this skill in inappropriate or sensitive contexts, leading to unintended file changes or misuse across unrelated tasks.

VirusTotal

60/60 vendors flagged this skill as clean.
