skill shield

Security checks across malware telemetry and agentic risk

Overview

This is mostly a security scanner, but it also includes under-disclosed Moltbook posting code with a hardcoded token and an advertised signature check that is not implemented.

Review before installing:
  • Use the local scanner only if needed.
  • Do not run upload_to_moltbook.py unless you intentionally want to post to Moltbook.
  • Treat the bundled Moltbook token as exposed.
  • Do not rely on the signature verification feature until real cryptographic verification is implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3 (Medium)
Category: MCP Least Privilege
Confidence: 77%
Finding: The skill advertises scanning and verification features that inherently imply access to files, environment data, network resources, and shell execution, but the manifest shown does not declare any permissions. Undeclared capabilities create a transparency and trust problem: users and hosts cannot accurately assess what the skill may access, and hidden effective privileges increase the risk of abuse or unintended overreach.

Tp4 (High)
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The documented purpose is a local security scanner, but the finding indicates additional behaviors involving Moltbook monitoring, external API interaction, promotional posting, and an embedded fallback API key. That mismatch is dangerous because users may invoke a trusted security tool expecting offline analysis while the skill actually communicates externally and can act on third-party services, creating data exposure, account misuse, and supply-chain trust risks.

Description-Behavior Mismatch (Medium)
Confidence: 98%
Finding: The skill advertises signature verification as a security feature, but the implementation is only a placeholder that always returns unverified. This can mislead users into believing publisher authenticity was checked when it was not, weakening trust decisions and supply-chain defenses.

Context-Inappropriate Capability (High)
Confidence: 99%
Finding: A hardcoded API credential is embedded directly in the script as a fallback value, which can expose a live secret to anyone with source access and enables unauthorized use of the Moltbook account. Because this repository is for a security-scanning skill, bundling unrelated publication credentials increases trust risk and broadens the attack surface beyond the stated purpose.

Description-Behavior Mismatch (Medium)
Confidence: 91%
Finding: The file performs external content publication to a third-party service, which is behavior outside the advertised function of a skill security scanner. In a security-focused package, undisclosed network-posting capability is more suspicious because users may grant trust assuming only local analysis, creating risk of unexpected outbound activity and misuse of bundled credentials.

Vague Triggers (Medium)
Confidence: 73%
Finding: The trigger list contains broad phrases such as 'security scan', 'check skill', and 'verify skill' that can plausibly appear in ordinary conversation. Overbroad triggers can cause accidental invocation of a skill with file, network, and shell capabilities, which is especially risky here because the skill claims broad security functionality and may perform external interactions.

VirusTotal

65/65 vendors flagged this skill as clean.