ClawHub

Text Directory Archiver

Security checks across malware telemetry and agentic risk

Overview

The skill is a useful text archiver, but its unpacker can write or remove local files and create symlinks from untrusted text without strong containment or warnings.

Use this only with archives you trust, and unpack into a new empty temporary directory first. Before running the unpack command, inspect the manifest for absolute paths, '..' path segments, symlinks, executable files, and unexpected destinations; do not execute restored code until reviewed. The clean static scan and absent VirusTotal telemetry do not remove the local file-write risks shown in the script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The unpack path will create attacker-controlled symbolic links directly from archive content. When restoring an untrusted archive, this can place links pointing outside the output directory or at sensitive locations, enabling later writes, confusion, or abuse by other tools/users that interact with the restored tree. In the context of a plain-text project packaging tool, symlink restoration materially increases risk compared with ordinary file extraction.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The unpack workflow restores files into a target directory automatically, but the skill does not prominently warn about overwriting existing files, creating unexpected paths, or modifying local data. This can lead to accidental data loss or unintended filesystem changes when users run the command on important directories.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The protocol encourages users to reconstruct full project trees directly from chat-generated text without instructing them to inspect or validate untrusted content first. In this context, chat content is an untrusted source and may include dangerous files, deceptive paths, or code that appears benign but becomes harmful once written and executed locally.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The unpack routine creates directories/files and may delete pre-existing paths with only minimal status output and no safety confirmation. If used on the wrong destination or with a crafted archive, this can overwrite or remove local content unexpectedly, which is especially dangerous for a restoration tool handling untrusted input.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal