ClawMate Work

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a ClawMate workflow helper, but it asks the agent to bypass safer network controls with local shell curl calls that can trigger file-changing feedback actions.

Review this before installing if your ClawMate service can modify important files. Only use it in a trusted workspace with a known localhost:5533 ClawMate instance, confirm feedback actions before running `clawmate do`, and be aware that project setup may create git repositories, set local git identity, and commit files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to use shell-executed curl against localhost and to avoid the safer web_fetch path because SSRF protections would block it. That expands the skill from file/project management into arbitrary local-network access via command execution, which can expose privileged internal services, bypass network safety controls, and create a path to further host compromise if parameters are influenced by user input.

Intent-Code Divergence

Medium
Confidence: 85%
Finding
The skill is presented as file management, preview, feedback, and project management, but it also directs repository initialization, git config changes, and commits. These are materially different side effects that modify the local environment and repository history, which can surprise users, affect attribution, and alter unrelated workflows if run in the wrong directory.

VirusTotal

63/63 vendors flagged this skill as clean.
