regexguard

Security checks across malware telemetry and agentic risk

Overview

RegexGuard mostly matches its local regex-scanning purpose, but it has serious review-worthy risks in license-token parsing and git-hook modification.

Install only after reviewing the scripts. Avoid using license keys from untrusted sources, prefer environment/config storage over the CLI flag, and do not use hook install/uninstall unless you are comfortable with the skill modifying lefthook.yml and running automatic commit/push scans.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability
Severity: High
Confidence: 97%
Finding: This code installs and modifies git hook configuration in the user's repository, which is a project-changing capability outside the stated purpose of a regex analysis skill. In an agent/skill context, unexpected write operations to repository automation are dangerous because they create persistence and can influence future developer workflows and commits.

Context-Inappropriate Capability
Severity: High
Confidence: 94%
Finding: This routine removes or rewrites repository hook configuration files, which is still an unauthorized repository modification capability relative to the advertised analyzer role. Even though it is uninstall logic, it can alter project configuration and potentially damage unrelated hook definitions through pattern-based deletion.

Description-Behavior Mismatch
Severity: Medium
Confidence: 92%
Finding: This file implements license validation, JWT parsing, tier enforcement, and secret handling even though the skill is described as a regex safety analyzer. That scope mismatch is security-relevant because it introduces unrelated privileged behavior and expands the attack surface, including trust decisions based on locally supplied tokens and secrets. The danger is increased by the fact that the JWT is accepted without cryptographic verification when the shared secret is absent, so tier/product decisions may be made from attacker-controlled claims.

Context-Inappropriate Capability
Severity: Medium
Confidence: 88%
Finding: The script reads a license key from an environment variable and from a local user config file, which is beyond the stated regex-analysis purpose and gives the skill access to sensitive local material. Even though this file does not exfiltrate the secret, unnecessary secret access is dangerous because it normalizes privileged data handling and creates opportunities for future leakage, misuse, or confused-deputy behavior. In this context, the capability is less justified and therefore more suspicious.

Vague Triggers
Severity: Medium
Confidence: 82%
Finding: The skill advertises many broad natural-language triggers, such as general requests to scan, audit, or check code, without tight activation boundaries. In an agent setting, that can cause unintended invocation on ambiguous user requests, leading to unplanned filesystem scanning, license/status disclosure, or side-effecting command execution if the dispatcher supports additional actions.

Vague Triggers
Severity: Medium
Confidence: 84%
Finding: The example usage scenarios use broad phrases like 'Scan my code' and 'Audit regex patterns,' which may over-match ordinary developer requests in multi-skill environments. Because the skill is user-invocable and can scan directories by default, accidental activation could expose file contents to local processing and produce unintended command runs across a repository.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: The script accepts a license key on the command line and exports it into the environment, which risks credential exposure through shell history, process listings, CI logs, or diagnostic output. In a shell-based tool this is a real secret-handling weakness, especially because users are not warned toward safer input methods.

VirusTotal

66/66 vendors flagged this skill as clean.
