Clawdbot Security Check

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Clawdbot security-audit skill, but it claims to be read-only while documenting a mode that changes security settings and file permissions.

Install only if you are comfortable with local inspection of Clawdbot configuration and possible exposure of token-bearing output. Treat it as read-only only when running normal audit commands; do not use `--fix` unless you intentionally want persistent changes to bot policy, logging behavior, and file permissions, and have reviewed/backed up the affected files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding: The README makes a strong safety claim that the skill is '100% Read-only' and 'never modifies configuration,' yet later documents a `--fix` mode that changes policies and file permissions. This mismatch can mislead users and downstream systems into granting trust or permissions under false assumptions, increasing the chance of unauthorized or unexpected configuration changes.

Description-Behavior Mismatch

Severity: High
Confidence: 94%
Finding: The documented `--fix` capability exceeds the described scope of a read-only self-security audit, creating a scope/behavior mismatch. In agent systems, that mismatch is dangerous because users or orchestrators may invoke the skill expecting passive analysis while it is capable of mutating security-relevant configuration and permissions.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding: The skill is marketed as a read-only security audit, but it explicitly documents a `--fix` mode that changes policies and file permissions. This mismatch can cause operators or downstream agents to invoke the skill under false assumptions, resulting in unauthorized local configuration modification and trust-boundary violations.

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding: The report template says 'No changes were made' while the skill elsewhere documents a mode that applies remediations. A false non-modification claim is dangerous because it can conceal state changes from users, impair auditing, and encourage unsafe execution in contexts that only permit read-only inspection.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding: The principle 'Zero modification' directly contradicts described behavior that tightens permissions and changes configuration. This inconsistency weakens operator trust and can lead to unsafe deployment of the skill in restricted environments that depend on accurate capability declarations.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding: The invocation phrase is broad enough to overlap with normal user conversation, which can cause accidental triggering of a powerful self-audit skill. In the context of a skill that inspects internal configuration and may be paired with a `--fix` mode, unintended activation increases exposure to sensitive configuration analysis and possible follow-on state changes.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The README describes a configuration-changing `--fix` mode but does not present a prominent warning that it will modify system settings and file permissions. Without clear warning and consent boundaries, users may run the command expecting an audit and unintentionally alter access controls, logging behavior, or credential file permissions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The `--fix` mode is presented without a prominent warning that it modifies local files and permissions. In a security-audit skill, that omission is risky because users may expect passive analysis and unintentionally trigger state changes that disrupt service or alter host security posture.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: The top-level description calls the skill 'read-only' even though later content describes changing configuration and permissions. A misleading top-level capability statement is especially dangerous because installation and approval decisions are often based on metadata rather than full-document review.

VirusTotal

63/63 vendors flagged this skill as clean.