test3

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent KeePassXC integration, but it gives an agent broad access to sensitive vault secrets while documenting an unsafe and inconsistently described master-password fallback.

Install only if you intentionally want an agent to work with KeePassXC secrets. Use a separate minimal vault, review the referenced local helper scripts before use, avoid storing the vault master password inside the same vault, and require explicit approval before any secret is read, added, edited, or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The documentation makes contradictory security claims: it says there are no file-based fallbacks and implies only secure keyring mechanisms are used, but later allows recovery of the database password from an entry inside the KeePass database itself. That circular fallback weakens the stated trust model, can mislead operators into assuming stronger protections than actually exist, and may cause insecure automation decisions.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The skill claims secrets remain exclusively in KeePassXC, but examples immediately move secrets into shell variables and even show piping the master password on stdin. Once exported to environment variables or echoed into commands, secrets may leak via process inspection, shell history, logs, crash dumps, or child processes, so the documentation understates real exposure.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The warning section claims all retrieval methods use secure keyring mechanisms, but the documented fallback chain includes reading the password from a KeePass entry and manual interactive entry. This is a security design inconsistency that can cause users and downstream agents to overtrust the workflow and mishandle secrets under false assumptions.

VirusTotal

66/66 vendors flagged this skill as clean.