ClawHub

httplint

Security checks across malware telemetry and agentic risk

Overview

HTTPLint mostly behaves like a local HTTP scanner, but its license handling can run code from a crafted license token and its optional hook installer changes repository automation.

Review before installing. Use free local scans only on projects you intend to inspect, do not paste or store license keys from untrusted sources, and only run hooks install in repositories where recurring commit/push scans and lefthook.yml changes are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The dispatcher implements hook installation and edits repository configuration files, which exceeds the advertised role of a passive HTTP misconfiguration detector. In an agent/skill context, unexpected write access to project configuration broadens the tool's authority and can create persistence or workflow-modification behavior that users may not anticipate.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
This code writes to lefthook.yml in the current repository and installs Git hooks, a capability not necessary for performing scans. Even though the behavior is user-invoked, modifying repository automation from a scanning skill creates unnecessary attack surface and can be abused to alter developer workflows or establish semi-persistent execution.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script reads a license key from both an environment variable and a local config file under the user's home directory, giving the skill access to locally stored secrets unrelated to HTTP analysis. In a skill whose stated purpose is HTTP misconfiguration detection, this broad secret-access behavior increases the attack surface and could enable unauthorized collection or misuse of sensitive tokens if the skill or surrounding framework is compromised.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The invocation phrases are broad enough to overlap with normal conversation, which can cause unintended activation of the skill in contexts where a user is merely discussing HTTP security rather than explicitly requesting a scan. Because the skill executes shell commands against user-supplied paths and may inspect the current directory by default, accidental triggering could lead to unintended command execution, repository scanning, or disclosure of local project structure in outputs.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal