cloud-product-compare

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at legitimate public cloud documentation comparison, but it under-declares a local browser crawler and includes optional anti-detection behavior plus dormant auto-install code.

Review before installing. Use it only if you are comfortable running a local Playwright-based crawler against Aliyun and Huawei Cloud documentation, preferably inside a virtual environment with dependencies installed manually. Avoid --stealth unless you have a specific, legitimate need, and consider removing the dormant install helpers before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def _ensure_dep(package: str, pip_name: str | None = None):
    if importlib.util.find_spec(package) is None:
        print(f"[INSTALL] {package} ...")
        r = subprocess.run([sys.executable, "-m", "pip", "install", "--quiet", pip_name or package],
                           capture_output=True, text=True)
        if r.returncode != 0:
            print(f"[FAIL] {package}: {r.stderr}"); sys.exit(1)
Confidence
98% confidence
Finding
r = subprocess.run([sys.executable, "-m", "pip", "install", "--quiet", pip_name or package], capture_output=True, text=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        print("[OK] Chromium (cached)")
    except Exception:
        print("[INSTALL] Chromium (first download ~150MB) ...")
        r = subprocess.run([sys.executable, "-m", "playwright", "install", "chromium"],
                           capture_output=False, text=True)
        if r.returncode != 0:
            print("[FAIL] Chromium install"); sys.exit(1)
Confidence
97% confidence
Finding
r = subprocess.run([sys.executable, "-m", "playwright", "install", "chromium"], capture_output=False, text=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The manifest declares only `web_fetch`, but the skill content instructs use of Python scripts, dependency installation, browser automation, network access, and writing files to the workspace. This permission/capability mismatch is dangerous because reviewers or execution frameworks may underestimate the skill's real behavior, enabling shell execution, package installation, and file writes beyond the stated trust boundary.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill is presented as a document-reading/product-analysis assistant, but it actually orchestrates automated multi-page scraping with Playwright/httpx, local script execution, package installation, and an optional stealth mode to bypass automation defenses. This mismatch is risky because users may invoke it expecting passive analysis while it performs active browser automation and evasive collection behaviors against external sites.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The docstring claims the tool only checks for dependencies and requires manual installation, but the file still includes automatic installation routines. This mismatch is a security-relevant transparency failure: operators may trust the stated behavior while the codebase still contains mechanisms that can alter the system and fetch external code or binaries.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill includes an optional stealth mode even though its stated purpose is reading official product documentation. Anti-detection features are not necessary for benign doc collection and materially increase suspicion because they facilitate bypassing site defenses and terms-based access controls.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code explicitly overrides `navigator.webdriver` to hide browser automation, which is a classic anti-detection technique. In the context of a documentation analysis skill, this is unjustified and dangerous because it enables evasion of site bot controls and normal user-consent boundaries.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The file includes automatic installation paths for both Python packages and Chromium, despite the active startup path calling dependency checks instead. Shipping code that can self-install software without strong, explicit, runtime user approval is risky because it normalizes environment mutation and external code retrieval in a skill that should be read-only.

VirusTotal

VirusTotal findings are pending for this skill version.