Skill Safety Verifier

Security checks across malware telemetry and agentic risk

Overview

This is a coherent skill-safety scanner, but its advisory lookup disables HTTPS verification, which can make its security results unreliable.

Review this skill before installing, especially the HTTPS handling in analyzer.py. Use it only with explicit skill paths or repositories you choose, prefer a pinned reviewed version, and treat its output as one input rather than a final security decision until TLS verification is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill describes capabilities including reading files, writing files, making network requests, and executing commands, but the manifest declares no explicit permissions or scope restrictions. This creates a trust gap where an installer or orchestrator cannot enforce least privilege, increasing the chance the skill is invoked with broader access than users expect.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The code explicitly disables TLS certificate and hostname verification before requesting GitHub advisories. This allows a man-in-the-middle attacker to spoof the advisory API response, causing the tool to trust tampered vulnerability data and potentially mark malicious skills as safe or hide real dependency risks.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly states that SSL verification can be disabled and only labels it as 'not recommended for production,' which understates the real risk. Disabling TLS verification enables man-in-the-middle interception and tampering of advisory/API responses, which is especially relevant for a security tool that users may trust for risk decisions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger regex is broad enough to match many ordinary installation or safety-related conversations, which can cause the skill to activate unexpectedly. In a security-review skill, accidental auto-invocation may expose repository contents, initiate network lookups, or influence user workflows without a clearly intended request.

External Transmission

Medium
Category
Data Exfiltration
Content
Uses the GitHub Advisory API to fetch real vulnerability data without blocking the installation flow.

**API**: `https://api.github.com/advisories`
**Authentication**: no token required (anonymous, 60 requests/hour)
**TTL**: local cache for 24 hours
Confidence
80% confidence
Finding
https://api.github.com/

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Requirements
requests>=2.28.0
Confidence
91% confidence
Finding
requests>=2.28.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
96% confidence
Finding
requests

VirusTotal

64/64 vendors flagged this skill as clean.
