Cuihua Dependency Updater

Security checks across malware telemetry and agentic risk

Overview

This dependency updater is not clearly malicious, but it advertises safe automated updating, testing, rollback, and security analysis that the shipped code does not actually provide.

Review before installing. Treat this as a basic npm outdated reporter, not a safe updater. Use it only in version-controlled projects, inspect any generated package-manager commands before running them, and require explicit approval before changes to package.json, lockfiles, or node_modules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%

Finding
The skill markets itself as providing safety checks, breaking-change detection, and automated testing, but the implementation only runs `npm outdated --json` and uses a major-version heuristic. This can mislead users into trusting update recommendations as validated or low-risk when no real compatibility or test verification has occurred, increasing the chance of disruptive or insecure dependency changes.

Intent-Code Divergence

Severity: Low
Confidence: 83%

Finding
The explicit 'Simple heuristic' comment confirms that breaking-change detection is not actually implemented despite the skill's claims of intelligent analysis. In the context of a dependency updater, this is dangerous because users may rely on underpowered risk classification to approve package updates that introduce regressions or incompatible API changes.

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding
The skill encourages automated dependency updates but does not clearly warn that running update commands can modify package manifests, lockfiles, and installed dependency trees. In an agent setting, this can lead to unintended project changes, broken builds, or silent state drift if the user does not realize the skill may make direct repository modifications.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding
The configuration explicitly promotes unattended auto-updates for security and patch releases without an equally prominent warning about automatic modification of project files. In context, this is more dangerous because the skill is designed to operate on dependency state, so users may enable automation that changes manifests and lockfiles across a codebase without sufficient review or rollback guarantees.

VirusTotal

65/65 vendors flagged this skill as clean.