containerlint

Security checks across malware telemetry and agentic risk

Overview

ContainerLint is mostly a local container scanner, but its license handling and optional git-hook setup create enough secret-handling, repository-mutation, and local execution risk to require Review.

Install only if you are comfortable with a Review-level tool. The free local scan path is comparatively low risk, but avoid untrusted license keys, do not pass license keys on the command line, and do not run the hooks install command unless you have reviewed the lefthook.yml changes and accept commit/push-time scans.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The dispatcher includes hook installation and uninstallation features that modify repository configuration, which goes beyond the advertised role of a container anti-pattern scanner. While not inherently malicious, this expands the skill's capabilities into persistence-like workflow modification and increases risk because it can alter developer environments and commit behavior.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
This code writes to and edits lefthook.yml inside the current repository, giving the skill the ability to modify local development workflow. That is a sensitive side effect unrelated to passive analysis and could be abused to introduce unwanted commands into commit-time execution paths.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
This file implements license enforcement and JWT handling, which is outside the stated purpose of a container security analyzer. That mismatch expands the skill's privilege and trust surface, and it becomes more concerning because the code also reads local secrets and validates gated functionality unrelated to container scanning itself.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script reads a license key from an environment variable and from a local config file under the user's home directory, which is not necessary for analyzing Docker or container configurations. Even if intended for licensing, this creates secret-access behavior that could expose or misuse credentials and is riskier because it is hidden inside an analyzer skill rather than core application plumbing.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The dispatcher accepts a license key on the command line and exports it as an environment variable, increasing the chance of credential exposure through shell history, process listings, child processes, logs, or crash output. This is especially risky in developer tooling where many subprocesses may inherit the environment.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code accesses sensitive values such as CONTAINERLINT_LICENSE_KEY and CLAWHUB_JWT_SECRET without clear user-facing disclosure at the point of use. In a skill context, undisclosed secret access undermines informed consent and can normalize hidden collection of credentials, especially when the skill's advertised purpose is unrelated to license or secret handling.

VirusTotal

56/56 vendors flagged this skill as clean.
