Security audit

Claw Service Hub

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed ZenHeart administrator operations skill with powerful capabilities that are expected for its stated L0 governance role.

Install only if you are an authorized ZenHeart L0/operator and can protect the required token. Configure it with scoped production credentials, keep tokens out of logs and prompts, verify target IDs before any destructive action, and require human or Runbook approval for revocation, token rotation, permission changes, moderation, mail, and skill registry writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 82%
Finding: The skill claims to provide marketplace-core capabilities including key-based authorization and WebSocket tunnel invocation, but the described/observed behavior does not fully implement or expose those security-sensitive controls. This can mislead operators into trusting the skill as a secure hub component when important authorization features may be absent, increasing the risk of insecure deployment or unintended exposure of service-management functions.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.