Secure Communicator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local encryption helper, but it makes strong security claims while using weak custom cryptography and incomplete safeguards for sensitive data.

Treat this as a Review item rather than malware. It does not show exfiltration or hidden execution, but you should not rely on it for real confidential communication or high-value secrets. Prefer vetted tools such as age, OpenPGP, or libsodium-based encryption, and only install this if you understand the custom-crypto limitations and can manage output files and key files securely.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Intent-Code Divergence

Severity: High (99% confidence)

This is a real vulnerability. The `encrypt`/`decrypt` path generates per-message keys, places both `payloadKey` and `metadataKey` directly into the serialized output, and does not use the caller-supplied key file for protection, so anyone with the ciphertext can recover the plaintext. In a skill explicitly marketed for securing sensitive messages over insecure channels, this is especially dangerous because users are likely to trust it for confidentiality when it provides effectively none.

Intent-Code Divergence

Severity: Medium (82% confidence)

The comments and surrounding documentation are misleading relative to the actual behavior, including claims of a 'correct implementation' and descriptions of the metadata handling that do not match what the code does. Misrepresenting cryptographic behavior is security-relevant because maintainers and users may act on incorrect assumptions, increasing the chance that the insecure API is used or that its protections are overestimated.

Natural-Language Policy Violations

Severity: High (98% confidence)

The skill markets a homegrown 'triple-layer XOR' scheme as suitable for sensitive communications over insecure channels, which can mislead users into relying on weak, nonstandard cryptography for real confidentiality. Repeated-key XOR with custom packaging is not comparable to vetted modern encryption, and the surrounding language ('secure', 'end-to-end encryption', use over email/chat/Telegram) materially increases the chance of unsafe deployment.

Missing User Warnings

Severity: Medium (81% confidence)

The file encryption/decryption examples instruct users to write outputs to paths like 'encoded.txt' and 'decrypted.pdf' without warning about overwriting existing files, writing sensitive plaintext to insecure locations, or accidentally exposing decrypted data. In a skill explicitly handling sensitive messages and files, omission of these safeguards increases the risk of data loss or confidentiality breaches through operator error.

VirusTotal

63/63 vendors flagged this skill as clean.