World Model

Security checks across malware telemetry and agentic risk

Overview

This skill does not show theft or destructive behavior, but it is incomplete and asks for broad state tracking without clear privacy limits.

Review before installing. This package appears more like an incomplete, broad decision-support scaffold than a fully implemented skill. Install only if you are comfortable with local state and prediction logs about user intent, agent goals, environment, and business context, and verify or remove any added world_model.py implementation before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The wrapper dynamically loads world_model.py and then instantiates the first class it finds, which means any top-level import side effects and constructor code in that file will execute automatically. In a skill ecosystem, this creates a broad and opaque execution surface because the wrapper does not restrict which class is loaded or verify that it matches an expected safe interface, making the skill more dangerous than its declared 'world-model' purpose suggests.

Intent-Code Divergence

Severity: Low
Confidence: 84%
Finding
The wrapper advertises only a generic capability while actually performing dynamic module loading and flexible method dispatch, which hides the skill's real execution behavior from any policy or review layer that relies on capability metadata. In an agent setting, inaccurate capability declaration can weaken security controls, routing, and human oversight, making risky code execution harder to detect.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill explicitly promotes broad environment state tracking, including extensive system variables and history retention, but provides no privacy boundaries, minimization guidance, or consent requirements. In an agent skill intended for AGI decision support, collecting and persisting rich state can easily include sensitive user, device, or behavioral data and enables unnecessary surveillance or secondary use.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The world state schema enumerates detailed user and environment attributes such as identity, goals, session metadata, timezone, OS, tools, uptime, and business context without any safeguards or handling requirements. This creates a concrete blueprint for collecting highly linkable and potentially sensitive behavioral and system data, which increases privacy, profiling, and data exposure risk if logged, shared, or reused by downstream components.

VirusTotal

66/66 vendors flagged this skill as clean.