cipher65536

Security checks across malware telemetry and agentic risk

Overview

The skill appears to encode and decode files as described, but it promotes bypassing upload restrictions and overstates the safety of its custom encryption.

Review before installing. Do not rely on scramble mode for highly sensitive files, and do not use this skill to evade platform, workplace, DLP, or moderation controls. Treat generated .key files as sensitive secrets, prefer explicit safe output paths when decoding untrusted text, and verify restored files before opening them.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The README makes strong cryptographic claims such as resisting known-plaintext and ciphertext-only attacks for a custom XOR-based scheme without evidence, peer review, or a standard authenticated encryption design. This is dangerous because users may rely on the tool for confidential transfer, when the described construction may provide far weaker protection than advertised and could fail catastrophically under realistic attack conditions.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The Security Principles section makes strong claims that the scheme resists known-plaintext, ciphertext-only, and other cryptanalytic attacks, but the described design is byte-level XOR over encoded text and does not justify those guarantees. Overstated security claims are dangerous because users may rely on the tool for sensitive data protection under a false sense of confidentiality.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The manifest explicitly promotes bypassing upload restrictions, which positions the tool as a mechanism to evade platform controls rather than merely encode files. That increases abuse potential by enabling exfiltration or transfer of prohibited content through text channels that defenders may treat as lower risk.

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding:
The tool markets its protection as 'true random' XOR encryption from local loopback jitter, but the actual confidentiality mechanism is a deterministic keystream generated from a single seed via SHAKE-256. While this may still produce a strong stream if the seed is truly high-entropy, the security claim is misleading and can cause users to overtrust the scheme for 'high-security steganography' or encryption use cases. In this context, overstated cryptographic assurances are dangerous because the skill is explicitly positioned for secure file transfer and hidden metadata protection.

Natural-Language Policy Violations

Severity: High
Confidence: 96%
Finding:
The README states that the tool can 'prevent eavesdropping' during transfer and presents encryption mode as a security feature without important qualifications. Because the described mechanism is custom XOR-based and not clearly authenticated or standardized, these assurances can mislead users into transmitting sensitive files under a false sense of security.

Natural-Language Policy Violations

Severity: High
Confidence: 98%
Finding:
The README claims the custom design 'effectively resists' multiple cryptanalytic attacks and invokes technical-sounding concepts to imply strong security guarantees. Unsupported assurances around a home-grown XOR keystream system are dangerous because they can cause operators to misuse the tool for high-risk data transfer where failure of confidentiality would have serious consequences.

Natural-Language Policy Violations

Severity: Medium
Confidence: 96%
Finding:
The documentation presents XOR encryption with a 256-bit key space and jitter-derived randomness as if it provides robust cryptographic security, including resistance to known attacks. XOR-based constructions are highly fragile unless implemented as a true one-time pad with perfect key management; presenting them as strong encryption can directly mislead users into insecure handling of sensitive files.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The markdown says decoding saves the file using the embedded original filename but does not warn that this may create or overwrite files on disk. If an attacker supplies crafted metadata, a user may unknowingly write files to unintended locations or clobber existing files, especially if the implementation does not sanitize paths.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The document recommends writing encryption key material to a .key file and frames this as a security guarantee based only on file permissions. Storing raw keys on disk materially increases exposure to theft via backups, endpoint compromise, misconfigured file sharing, or operational mistakes, and the documentation does not warn users about these risks or suggest safer key handling.

Natural-Language Policy Violations

Severity: High
Confidence: 98%
Finding:
The text explicitly advertises that the Unicode-encoded ciphertext can bypass binary upload restrictions and platform filtering. In a file-transfer/encryption skill, that is not a neutral technical observation: it promotes evasion of security controls and content restrictions, which can enable data exfiltration, malware staging, and policy bypass.

Ssd 2

Severity: Medium
Confidence: 89%
Finding:
The README explicitly markets the tool as a way to bypass platform file-format restrictions and conceal transferred content, which enables policy evasion and covert movement of arbitrary binaries. In the context of an agent skill, this is more dangerous because it could be used to exfiltrate payloads, malware, or restricted data through text-only channels that defenders may trust more than file uploads.

Ssd 2

Severity: Medium
Confidence: 93%
Finding:
The use-case section promotes covert embedding of arbitrary files in images, code comments, and other innocuous carriers, which is a classic dual-use pattern for stealthy exfiltration and payload smuggling. Within a skill ecosystem, this materially raises abuse potential because the advertised workflows directly support hiding data transfers from users, platforms, and monitoring controls.

Ssd 2

Severity: Medium
Confidence: 94%
Finding:
The skill frames covert text encoding and concealment as a means to evade file-transfer limits and restrictions, which meaningfully increases dual-use risk. In context, the combination of concealment, encryption claims, and policy-evasion language makes the skill more dangerous because it can facilitate smuggling data through channels intended only for text.

VirusTotal

65/65 vendors flagged this skill as clean.