Skill Security Scanner

Security checks across malware telemetry and agentic risk

Overview

This is a readable local security scanner, but its trust and block decisions are fragile enough that users should review it before relying on it.

Use this only as an advisory scanner, not as an automatic proof that a skill is safe. Review clean and flagged results manually, be cautious with the pre-populated allowlist, and do not rely on skill names alone for trust or provenance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill advertises shell and network-capable audit scripts (`audit.sh`, `audit-all.sh`) but declares no explicit permissions or safety boundaries. This creates a transparency and governance gap: users may invoke a skill that can execute commands and access the network without clear prior consent or sandbox expectations.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrases are overly broad (`skill audit`, `security scan`, `skill review`, `before loading external skill`) and can match common user intents beyond this specific tool. Ambiguous invocation increases the chance the skill runs unexpectedly, potentially executing shell scripts or modifying local state in contexts where the user did not intend it.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation states that the scanner automatically creates and updates `./blocklist.txt`, but it does not clearly warn users that local files will be modified. Silent or poorly disclosed filesystem writes are risky because they can alter project state, interfere with workflows, or be abused as a precedent for broader unintended file modification.

VirusTotal

63/63 vendors flagged this skill as clean.