Dep Radar

Security checks across malware telemetry and agentic risk

Overview

Dep Radar is mostly a legitimate dependency scanner, but it needs review because an installed startup hook can execute project config as shell, and reports may expose private project details.

Review before installing, especially for use in untrusted repositories. Disable or remove the SessionStart hook unless project config files are trusted, keep API keys out of repos and in files with restrictive permissions, avoid Slack notifications for sensitive projects, and clear ~/.cache/depradar or saved reports when they may contain private paths or code snippets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The changelog claims the skill collects community signals from X/Twitter via the xAI Grok API, even though that source is outside the stated manifest description. This kind of capability drift is dangerous because it expands external data collection and third-party data exposure beyond what reviewers and users expect, undermining informed consent, policy review, and least-privilege assumptions.

Intent-Code Divergence

Medium
Confidence: 99%
Finding
The Privacy/Security section claims the skill does not read code contents, yet earlier sections explicitly describe AST analysis, grep fallbacks, symbol scanning, and file reading across the codebase. This is a materially misleading privacy statement that could cause users to expose source code under false assumptions about local data handling.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill metadata says community signals come from GitHub Issues, Stack Overflow, Reddit, and Hacker News, but the implementation also queries Twitter/X. This is a capability mismatch that expands data collection and outbound network access beyond what a user would reasonably expect, which undermines informed consent and can violate least-privilege assumptions for an agent skill.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation instructs users to create a local .env-style file containing live API keys in a predictable path under the home directory, but provides no warnings about file permissions, accidental inclusion in backups, shell history exposure, or source-control leakage. While this is common operational guidance, normalizing plaintext secret storage without safeguards increases the chance of credential compromise on shared systems or through user mishandling.

Missing User Warnings

Medium
Confidence: 79%
Finding
The README advertises sending reports to Slack via webhook but does not warn that dependency inventories, impacted file paths, and other project metadata may be transmitted to a third-party service. In an agent setting, users may enable this without realizing potentially sensitive internal information is leaving the local environment.

Missing User Warnings

Low
Confidence: 87%
Finding
The skill encourages saving markdown reports to local disk without clearly warning that the report may contain dependency inventories, package versions, file paths, and impact locations from the user's project. Persisting this metadata can create confidentiality and retention risks, especially on shared machines or synced home directories.

Missing User Warnings

Medium
Confidence: 95%
Finding
The Slack webhook notification feature transmits project-derived findings off the local system, potentially including dependency names, versions, file paths, and breakage locations, but the documentation does not provide an explicit privacy warning or redaction guidance. This can lead to inadvertent disclosure of internal project structure or sensitive operational metadata to third-party services.

Missing User Warnings

Medium
Confidence: 88%
Finding
The wizard writes sensitive API keys to ~/.config/depradar/.env after prompting, but it does not explicitly warn the user that secrets will be persisted on disk. Storing credentials without a clear warning increases the chance users provide tokens on shared or insufficiently protected systems, leading to credential exposure through backups, local compromise, or accidental disclosure.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
