DocSync

Security checks across malware telemetry and agentic risk

Overview

DocSync is a coherent documentation tool, but this version has unsafe shell command construction that can let crafted directory names run local commands.

Review carefully before installing. Use only in trusted repositories and avoid running it on untrusted or unusually named paths until the eval-based directory scan is fixed. Expect generated documentation files and optional git-hook configuration to change your working tree, and review diffs before committing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
This is a real command-injection risk. The script builds a shell command string containing the user-supplied directory path and exclusion fragments, then executes it with eval; if the directory argument contains shell metacharacters or crafted quoting, arbitrary commands can run with the privileges of the hook or analysis process. In this skill's context, that is especially dangerous because git hooks and repo-analysis tooling often process attacker-controlled repository paths or run automatically on developer machines and CI.

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding:
The script claims to validate JWT license keys offline, but `decode_jwt_payload()` only base64-decodes the payload and never verifies the JWT signature. An attacker can forge a token with arbitrary `tier`, `exp`, or `seats` values and bypass license enforcement, unlocking paid features and defeating the trust model of the licensing mechanism.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The README advertises automatic regeneration of stale documentation without clearly warning that source-controlled files will be modified. In an agent or assistant-driven workflow, vague wording around write operations can cause users to trigger unintended file changes, creating integrity and workflow risks, especially in repositories with strict review or generated-doc conventions.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The `auto-fix` command is described without a prominent warning that it will rewrite documentation files automatically. In an agent-driven context, users may invoke it expecting analysis only, causing unintended repository changes, noisy diffs, or accidental commits of generated content.

Vague Triggers

Severity: Medium
Confidence: 75%
Finding:
Broad trigger phrases like 'Document the architecture' or similar natural language examples can cause accidental invocation in ordinary conversation, especially in agent environments that map user intent to skill execution. That can lead to unexpected repository scans or file generation without sufficiently clear user intent.

VirusTotal

66/66 vendors flagged this skill as clean.