ClawHub

Dragnet

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly local and disclosed, but it scans sensitive workspace history and overstates a “verified” profile signature that anyone with the skill can reproduce.

Install only if you intentionally want to generate a Dragnet marketplace profile from this workspace. Review the draft and final JSON carefully before upload, remove private names, locations, project details, secrets, and conversation summaries, and treat the signature as self-attestation rather than strong proof of identity or expertise.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The script's 'verification' is only an HMAC generated with a hardcoded local key embedded in the client-side code. Anyone who can read the script can reproduce valid signatures for arbitrary profiles, so the signature does not provide independent proof of builder identity or marketplace trustworthiness. In the context of a skill that claims to generate a 'verified' marketplace profile from sensitive workspace data, this is more dangerous because it can mislead users and relying parties into trusting forged credentials.

Intent-Code Divergence

Low
Confidence
91% confidence
Finding
The docstring describes the output as a signed and verified profile in a way that overstates the security properties of the mechanism. Because the implementation uses only a local hardcoded HMAC key, this wording can create a false sense of authenticity and cause downstream users to accept profiles as trustworthy when they are easily forgeable. Given the skill's purpose of proving builder credentials, misleading security claims materially increase the risk of misuse.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest description includes broad activation language such as 'Use when you want to get listed on dragnet.unrelated.works, generate or update your Dragnet profile, or validate your builder credentials,' which can match common user intents without a narrowly scoped trigger. Because the skill performs wide workspace scanning across identity, memory, conversations, installed skills, and configs, accidental invocation can expose or process sensitive local context beyond what the user explicitly intended.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Embedding the signing key directly in the source exposes the secret to every user of the skill and to anyone inspecting the package. This makes the key non-secret in practice, enabling arbitrary profile signing and undermining any trust model built on the signature. In a credential/profile-generation skill, this directly supports impersonation and forged attestations.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal