inputshield

Security checks across malware telemetry and agentic risk

Overview

InputShield is mainly a local code scanner, but its hook setup can persistently change repository behavior and block commits or pushes without enough control or warning.

Use normal scans if you are comfortable with a local regex scanner reading the target project and printing matched code snippets. Treat `hooks install` as a repository-changing setup action: inspect `lefthook.yml`, expect future commit and push checks, and keep a backup before installing or uninstalling. Avoid passing license keys on the command line where shell history or process listings may expose them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The dispatcher for a skill described as a scanner also installs and removes git hooks and writes repository configuration, expanding its behavior from passive analysis into modifying developer workflow. Even if intended as a convenience feature, this increases the trust boundary and can be abused to introduce persistent execution during commits or alter repository behavior in ways users may not expect from a scanning tool.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
This code edits lefthook.yml in the current repository and injects commands that will execute on future commits, which is a persistence mechanism outside the core purpose of scanning. In an agent-skill context, modifying repo hook configuration is more dangerous because users may invoke a scan expecting read-only analysis, not changes that cause recurring code execution in their development environment.

Vague Triggers

Medium
Confidence: 84%
Finding
The invocation phrases are broad enough to match many generic security-review requests, making accidental triggering more likely in contexts where the user only wanted analysis or advice. Because the skill can execute shell scripts and potentially modify project state via related commands, loose trigger boundaries raise the risk of unintended tool execution.

Missing User Warnings

Medium
Confidence: 95%
Finding
The hooks installation flow changes repository configuration and introduces a pre-commit gate that can block developer commits, but the description understates the operational impact. Without a clear warning and explicit consent, users may trigger a command that persists changes in their repo and disrupts normal development workflows.

VirusTotal

65/65 vendors flagged this skill as clean.
