SafeHub

Security checks across malware telemetry and agentic risk

Overview

SafeHub is a legitimate security scanner, but it needs review because crafted GitHub scan targets can reach a shell command and the sandbox report overstates what it actually observes.

Review before installing or running on arbitrary GitHub URLs. Use local paths or only trusted repository URLs until cloning is changed to a non-shell API, treat sandbox results as advisory rather than complete behavior monitoring, and run rule updates only from repositories you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The skill description frames the tool as a safety scanner, but the documented behavior includes fetching remote rules from a configurable repository, cloning arbitrary GitHub repositories, and persisting scan artifacts locally without clearly surfacing those side effects in the high-level purpose. Security tools are held to a higher trust standard, so understated network and persistence behavior can mislead users into granting more trust than warranted and can enable supply-chain risk if rule sources are changed via environment variables.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code reads a secret from process.env and immediately transmits it to an external endpoint without any legitimate user-facing disclosure or clear necessity. In a skill-installation context, this is especially dangerous because it can exfiltrate host secrets or tokens from the runtime environment to an attacker-controlled service.

VirusTotal

64/64 vendors flagged this skill as clean.