vibe-check

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed code-auditing skill; the main caution is that analyzed code is sent to external LLM providers (the Anthropic API first, then the OpenAI API as a fallback) whenever the corresponding API key is present in the environment.

Install only if you are comfortable with analyzed files being sent to the configured LLM providers. Avoid running it on repositories containing secrets, proprietary code, or regulated data unless your organization permits that provider use, and scope each run to the specific files or diff you want reviewed. Several findings below also flag an eval() call, user-account database operations and outbound SMTP in a file that does not match the declared audit-only purpose; a static scan does not establish whether that file executes as part of the skill, so confirm what it is and where it is invoked before installing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (15)

eval() call detected

High
Category
Dangerous Code Execution
Content
API_URL = "http://localhost:8080"

def process(data):
    result = eval(data["query"])
    return result

def get_user(x):
Confidence
99% confidence
Finding
result = eval(data["query"])
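
What the flagged line permits, and one way to replace it, as an added example that is not code from the vibe-check skill or from the scanner: process_unsafe mirrors the flagged eval(data["query"]) and will run any import or function call handed to it with the process's privileges; process_safe parses the query with the ast module and evaluates only numeric literals and arithmetic operators, rejecting names, calls, attributes and oversized exponents. The assumption that the query was only ever meant to carry arithmetic, and the names safe_eval_arith, MAX_EXPONENT, process_unsafe and process_safe, are this example's own.

```python
import ast
import operator


def process_unsafe(data):
    """Constructed mirror of the flagged pattern: untrusted input straight into eval()."""
    return eval(data["query"])


# Whitelisted operators for the hardened evaluator.
_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
MAX_EXPONENT = 64  # assumption: cap to stop 9**9**9-style CPU/memory exhaustion


def _eval_node(node):
    """Recursively evaluate an AST node, allowing only numbers and arithmetic."""
    if (isinstance(node, ast.Constant) and isinstance(node.value, (int, float))
            and not isinstance(node.value, bool)):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left = _eval_node(node.left)
        right = _eval_node(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
            raise ValueError("exponent too large")
        return _BIN_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    # Names, calls, attributes, subscripts, lambdas, comprehensions all land here.
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def safe_eval_arith(expr, max_len=200):
    """Evaluate a short arithmetic expression; anything else raises ValueError/SyntaxError."""
    if not isinstance(expr, str) or len(expr) > max_len:
        raise ValueError("query must be a short string")
    tree = ast.parse(expr, mode="eval")  # SyntaxError for statements or junk
    return _eval_node(tree.body)


def process_safe(data):
    """Hardened replacement for process_unsafe with the same call shape."""
    return safe_eval_arith(data["query"])


if __name__ == "__main__":
    payload = {"query": "__import__('math').factorial(5)"}   # constructed attacker input
    print("unsafe:", process_unsafe(payload))                # the import and call execute
    try:
        process_safe(payload)
    except ValueError as exc:
        print("safe:", exc)                                  # rejected before evaluation
    print("safe arithmetic:", process_safe({"query": "2 + 3 * 4"}))
```

ZeroDivisionError from a query such as 1/0 is left to propagate; the caller decides whether that is a client error or a bug, but it cannot become code execution.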

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The script reads API credentials from environment variables and sends full source file contents to third-party LLM providers for analysis. In a code-audit skill, this creates a real confidentiality and data-governance risk because proprietary code, secrets embedded in files, or regulated data may be exfiltrated without strong disclosure, consent, or filtering.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file's behavior is unrelated to the declared skill purpose of auditing code for AI-generated anti-patterns and instead implements account/database operations plus email sending. This capability mismatch is a strong indicator of deceptive or hidden functionality, making the skill more dangerous because users and reviewers would not expect it to manage users, modify databases, or transmit data externally.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Outbound SMTP email capability is unjustified for a code-auditing skill and creates an unexpected exfiltration or spam channel. In this context, the mismatch materially increases risk because the skill could send report contents, secrets, or user data to external recipients without any legitimate need tied to its declared function.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
User-account CRUD operations against a local users database are unrelated to a code-audit/report-card skill and represent hidden stateful behavior. This context makes the issue more dangerous because the skill could create, query, or delete records unexpectedly, indicating unauthorized functionality beyond the user's security-audit expectation.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The module docstring states it is an API handler for user management, directly contradicting the manifest's claimed audit-only purpose. While a docstring alone is not exploitable, in combination with the actual code it is evidence of intentional mismatch and increases confidence that the skill contains undeclared, potentially harmful functionality.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match normal requests like 'audit code', 'code quality', 'check my code', or 'code review', which may activate this skill unexpectedly. Because the skill then directs shell-based analysis over files, directories, or git diffs, accidental invocation could lead to broader-than-expected scanning of local project contents.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script transmits full file contents to external LLM APIs but does not provide user-facing disclosure at the point of execution beyond requiring API keys. Because this skill audits arbitrary source files, the context makes the issue more dangerous: users may analyze sensitive repositories and unintentionally send confidential code outside their environment.
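
A preflight gate of the kind the overview and this finding call for (and the Context-Inappropriate Capability finding about credential reading above), written here as an added example rather than code from the skill or the scanner: it reports which provider would receive the files, using the two API-key variables and endpoints named in the findings, refuses to upload without an explicit opt-in variable, scans the files for secret-looking lines, caps the upload size, and builds the request body with json.dumps from redacted contents. VIBE_CHECK_ALLOW_EXTERNAL, MAX_BYTES, the SECRET_PATTERNS table and SAMPLE_FILES (which embeds the AWS documentation example key AKIAIOSFODNN7EXAMPLE) are constructed for this example, and the patterns are deliberately short, not a complete secret scanner.

```python
import json
import re

# Providers the flagged script falls through to, in its order (from the findings).
PROVIDER_KEYS = [
    ("anthropic", "ANTHROPIC_API_KEY", "https://api.anthropic.com/v1/messages"),
    ("openai", "OPENAI_API_KEY", "https://api.openai.com/v1/chat/completions"),
]
CONSENT_VAR = "VIBE_CHECK_ALLOW_EXTERNAL"  # assumption: explicit opt-in, not part of the skill
MAX_BYTES = 200_000                        # assumption: per-run upload cap

# Constructed, deliberately incomplete secret patterns for the preflight check.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "hardcoded_credential": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}


def configured_providers(env):
    """Which external providers would receive file contents under this environment."""
    return [(name, url) for name, var, url in PROVIDER_KEYS if env.get(var)]


def find_secrets(text):
    """Return (line_number, pattern_name) for every line matching a secret pattern."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


def redact(text):
    """Replace matched secrets so the redacted text can still be reviewed."""
    for pattern in SECRET_PATTERNS.values():
        text = pattern.sub("[REDACTED]", text)
    return text


def preflight(files, env):
    """Decide whether files ({path: contents}) may be sent to a configured provider.

    Returns the decision and its reasons so a wrapper can print a disclosure
    before the upload instead of silently shipping the files."""
    providers = configured_providers(env)
    if not providers:
        return {"send": False, "providers": [], "secrets": {},
                "reasons": ["no provider key set; nothing leaves the machine"]}
    reasons = []
    if env.get(CONSENT_VAR) != "1":
        reasons.append(f"{CONSENT_VAR}=1 not set; refusing to upload to {[p[0] for p in providers]}")
    secrets = {path: find_secrets(text) for path, text in files.items()}
    secrets = {path: hits for path, hits in secrets.items() if hits}
    if secrets:
        reasons.append(f"secret-looking content in {sorted(secrets)}; redact or exclude before upload")
    total = sum(len(text.encode()) for text in files.values())
    if total > MAX_BYTES:
        reasons.append(f"{total} bytes exceeds cap of {MAX_BYTES}; scope the run to a diff")
    return {"send": not reasons, "providers": providers, "secrets": secrets, "reasons": reasons}


def build_payload(files, provider, prompt="Review this code for AI-generated anti-patterns."):
    """Build the JSON body that would be POSTed, from redacted contents, via json.dumps
    rather than hand-escaped string interpolation. Body shapes follow the findings."""
    body = prompt + "\n\n" + "\n\n".join(f"### {p}\n{redact(t)}" for p, t in sorted(files.items()))
    if provider == "anthropic":
        payload = {"model": "claude-sonnet-4-20250514", "max_tokens": 4096,
                   "messages": [{"role": "user", "content": body}]}
    else:
        payload = {"model": "gpt-4o", "messages": [{"role": "user", "content": body}],
                   "max_tokens": 4096}
    return json.dumps(payload)


# Constructed sample input: one file with an embedded AWS example key, one clean file.
SAMPLE_FILES = {
    "app.py": ('API_URL = "http://localhost:8080"\n'
               'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n\n'
               'def process(data):\n    return eval(data["query"])\n'),
    "README.md": "# demo\nRun vibe-check against this repo.\n",
}

if __name__ == "__main__":
    env = {"ANTHROPIC_API_KEY": "placeholder", CONSENT_VAR: "1"}  # constructed environment
    decision = preflight(SAMPLE_FILES, env)
    print(json.dumps(decision, indent=2))   # blocked: app.py carries a secret-looking line
    print(build_payload(SAMPLE_FILES, "anthropic")[:160])
```

In a wrapper around the real script, print decision["providers"] and decision["reasons"] before invoking curl and proceed only when send is true; the redacted payload is what should reach the provider, never the raw file.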

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The delete path performs a destructive database operation without confirmation, authorization checks, or disclosure, creating a risk of accidental or malicious record deletion. In this skill context it is more concerning because deletion capability is not expected at all from a code-auditing tool, so users would have little reason to anticipate or monitor such side effects.

Missing User Warnings

Low
Confidence
77% confidence
Finding
The signup path writes to the database without any disclosure or consent, causing hidden persistent side effects. In a code-audit skill this is unexpectedly dangerous because even non-destructive writes violate user expectations and may create unauthorized records or contaminate local state.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code sends email through an external SMTP service without user-facing disclosure, creating an undisclosed outbound data transfer path. Given the skill's stated audit-only purpose, this is more dangerous because any external transmission is unexpected and could be used for data exfiltration or unauthorized notifications.

External Transmission

Medium
Category
Data Exfiltration
Content
# Method 1: Anthropic API
  if [ -z "$result" ] && [ -n "${ANTHROPIC_API_KEY:-}" ]; then
    result=$(curl -sf --max-time 60 \
      -H "x-api-key: ${ANTHROPIC_API_KEY}" \
      -H "anthropic-version: 2023-06-01" \
      -H "content-type: application/json" \
Confidence
95% confidence
Finding
curl -sf --max-time 60 \
  -H "x-api-key: ${ANTHROPIC_API_KEY}" \
  -H "anthropic-version: 2023-06-01" \
  -H "content-type: application/json" \
  -d

External Transmission

Medium
Category
Data Exfiltration
Content
# Method 2: OpenAI API
  if [ -z "$result" ] && [ -n "${OPENAI_API_KEY:-}" ]; then
    result=$(curl -sf --max-time 60 \
      -H "Authorization: Bearer ${OPENAI_API_KEY}" \
      -H "content-type: application/json" \
      -d "{\"model\":\"gpt-4o\",\"messages\":[{\"role\":\"user\",\"content\":${escaped_prompt}}],\"max_tokens\":4096}" \
Confidence
95% confidence
Finding
curl -sf --max-time 60 \
  -H "Authorization: Bearer ${OPENAI_API_KEY}" \
  -H "content-type: application/json" \
  -d

External Transmission

Medium
Category
Data Exfiltration
Content
-H "anthropic-version: 2023-06-01" \
      -H "content-type: application/json" \
      -d "{\"model\":\"claude-sonnet-4-20250514\",\"max_tokens\":4096,\"messages\":[{\"role\":\"user\",\"content\":${escaped_prompt}}]}" \
      https://api.anthropic.com/v1/messages 2>/dev/null | python3 -c "
import json, sys
resp = json.load(sys.stdin)
print(resp['content'][0]['text'])
Confidence
88% confidence
Finding
https://api.anthropic.com/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "Authorization: Bearer ${OPENAI_API_KEY}" \
      -H "content-type: application/json" \
      -d "{\"model\":\"gpt-4o\",\"messages\":[{\"role\":\"user\",\"content\":${escaped_prompt}}],\"max_tokens\":4096}" \
      https://api.openai.com/v1/chat/completions 2>/dev/null | python3 -c "
import json, sys
resp = json.load(sys.stdin)
print(resp['choices'][0]['message']['content'])
Confidence
88% confidence
Finding
https://api.openai.com/

VirusTotal

63/63 vendors reported this skill as clean (no detections).

View on VirusTotal