Security audit

Research Logger

Security checks across malware telemetry and agentic risk

Overview

This research-note skill mostly matches its purpose, but it has a local code-execution bug and under-discloses external search and temporary-file side effects.

Review carefully before installing. Do not run it on untrusted or unusual topic strings until the Python quoting bug is fixed, and avoid sensitive topics unless you are comfortable sending them to external search/GIF tools and saving generated notes locally or in Bear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions while its documented behavior and associated script usage imply shell execution and network-backed research actions. This undermines transparency and consent, because an agent or reviewer may approve the skill without realizing it can execute commands and access external resources.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose says the skill researches a topic, matches a GIF, and logs to Bear, but the detected behavior expands beyond that by performing direct outbound network access, writing data to a temporary file, and optionally invoking external tooling directly. Behavior that exceeds or differs from the declared description is dangerous because it can bypass user expectations, hide data flows, and trigger side effects outside the stated scope.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The activation trigger, 'When the user asks to research a topic and log it,' is broad enough to match common requests and may cause the agent to run the skill in situations where the user did not intend shell execution, web lookups, GIF retrieval, or note creation. Over-broad activation increases the chance of unintended external actions and silent persistence of content to local note systems.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill omits a clear warning that it may create and save notes to Bear, which is a persistent side effect involving potentially sensitive research content. Without explicit notice, users may unintentionally store private or proprietary information in an external note repository or synced ecosystem.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
In standalone mode, the script sends the user-provided topic to DuckDuckGo over the network. If users provide sensitive research topics, internal project names, or personal data, this can leak information to a third party without an explicit warning or consent step, making the privacy risk real in this context.

Missing User Warnings

Low
Confidence
86% confidence
Finding
In standalone mode, the script sends the user-provided topic to DuckDuckGo over the network. If users provide sensitive research topics, internal project names, or personal data, this can leak information to a third party without an explicit warning or consent step, making the privacy risk real in this context.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The script writes note content derived from user input and fetched data to a predictable fixed path, /tmp/research_note.md. On multi-user systems or unsafe environments, this can expose sensitive content, cause accidental overwrites, or enable symlink/hardlink attacks if the script is run with elevated privileges.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises research logging but does not clearly warn that it will perform external web searches, invoke a GIF lookup, and automatically create a note in Bear. This can cause unintended data egress and side effects because a user or calling agent may trigger network activity and local note creation without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.