Incident Replay

Security checks across malware telemetry and agentic risk

Overview

This is a local forensic debugging skill that intentionally captures and stores workspace snapshots, so it is sensitive but coherent with its stated purpose.

Install only if you are comfortable with a local tool copying workspace file contents, logs, and decision traces into incident_data. Before use, set WORKSPACE_ROOT narrowly, add exclusions for secrets/private directories, keep generated snapshots and reports out of synced or shared folders, and avoid untrusted or path-like values for --output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 86%
Finding
The --analyze path automatically persists a new incident record to disk via create_incident() and _save_incident() as a side effect of analysis. In a security-sensitive context, post-mortem data can contain logs, file paths, trigger details, and decision traces, so silent persistence increases the risk of storing sensitive operational or secret-adjacent data without operator intent.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
save_report() joins a user-controlled filename with reports_dir but does not validate or normalize it, so absolute paths or traversal sequences like ../../ can escape the intended directory. In the CLI, --output is passed directly to this sink, allowing an attacker or unsafe caller to overwrite arbitrary files writable by the process, which is especially risky in agent environments handling local secrets or repo files.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README advertises point-in-time snapshots including file content, hashes, logs, memory files, and secret-leak detection, but it does not prominently warn at the point of feature description that the tool may collect and persist highly sensitive workspace data. In a forensics skill, users are especially likely to run it against production or agent workspaces containing credentials, prompts, logs, and proprietary data, so burying the warning in a later disclaimer increases the risk of accidental over-collection and unsafe storage.

Missing User Warnings

Medium
Confidence: 93%
Finding
take_snapshot() reads full contents of files up to MAX_FILE_SIZE and persists them into snapshot JSON files on disk, which can capture secrets, tokens, credentials, private source code, logs, and other sensitive workspace data. In an incident-forensics skill, this is more dangerous because the tool is specifically designed to sweep large portions of a workspace, making broad sensitive-data retention a core behavior rather than an edge case.

Missing User Warnings

Medium
Confidence: 88%
Finding
Incident records are written to disk without any user-facing disclosure at the moment of analysis, even though the saved artifact may include detailed forensic data. This is dangerous because operators may unknowingly create a persistent local database of sensitive failure context, increasing exposure through local compromise, backups, or accidental sharing.

Missing User Warnings

Medium
Confidence: 96%
Finding
The file write path is user-influenced and the code opens the target with mode 'w' without prompting, path restriction, or overwrite protection. Even when path traversal is not abused, this can silently clobber existing report files or other reachable files, causing integrity loss and making accidental misuse more dangerous in operational forensic workflows.

VirusTotal

64/64 vendors flagged this skill as clean.
