Safespace Rater

Security checks across malware telemetry and agentic risk

Overview

The skill's stated purpose, auditing local skills, is legitimate, but the wrapper does more than invoke a local tool: if the `safespace-rater` binary is missing, normal use automatically builds it from the repository or fetches it with an unpinned `go install ...@latest`, then executes the result before any audit runs.

Review the wrapper before installing. Prefer a preinstalled, pinned, reviewed `safespace-rater` binary referenced via `SAFESPACE_RATER_BIN` over letting the wrapper auto-build or `go install @latest`, and confirm that the binary at that path is the one you reviewed. Use local-only dry-run mode for private skills, and only publish results or enable the LLM fallback if you are comfortable sending audit-related data (local skill inventory, trust assessments, report excerpts) to external services.
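
As an added example (not the skill's own wrapper, and not code from the SkillVet project), the following fail-closed launcher does what the recommendation above asks for: it never builds, clones, or `go install`s anything, and it only execs the binary named by `SAFESPACE_RATER_BIN` when that file's SHA-256 matches a pin recorded at review time. `SAFESPACE_RATER_BIN` is the only name taken from the page; the `SAFESPACE_RATER_SHA256` variable, the `--launch` flag, and the placeholder digest are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not the skill's own wrapper: a fail-closed launcher for
# safespace-rater. It never builds, clones, or `go install`s anything. It only
# execs the binary named by SAFESPACE_RATER_BIN, and only if that file's SHA-256
# matches the pin recorded when the binary was reviewed.

# Pin recorded at review time. The value below is a placeholder (assumption);
# replace it with the digest of the binary you actually audited.
SAFESPACE_RATER_SHA256="${SAFESPACE_RATER_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}"

# sha256_of FILE: print the hex digest using whichever tool the host has.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# resolve_rater_bin PATH EXPECTED_SHA256
# Echo PATH and return 0 only if it is a regular executable file whose digest
# equals EXPECTED_SHA256. Every failure is a refusal: there is no fallback to
# building from source or fetching @latest, because that is the risk removed.
resolve_rater_bin() {
  bin="$1"
  want="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  if [ -z "$bin" ]; then
    echo "refusing: SAFESPACE_RATER_BIN is unset and auto-install is disabled" >&2
    return 1
  fi
  if [ ! -f "$bin" ] || [ ! -x "$bin" ]; then
    echo "refusing: $bin is not an executable regular file" >&2
    return 1
  fi
  case "$want" in
    *[!0-9a-f]*|"") echo "refusing: pin must be 64 hex characters" >&2; return 1;;
  esac
  if [ "${#want}" -ne 64 ]; then
    echo "refusing: pin must be 64 hex characters" >&2
    return 1
  fi
  got="$(sha256_of "$bin")"
  if [ "$got" != "$want" ]; then
    echo "refusing: $bin has digest $got, pinned digest is $want" >&2
    return 1
  fi
  printf '%s\n' "$bin"
}

# run_rater ARGS...: verify, then replace this shell with the reviewed binary.
# `exec` is kept, as in the original wrapper, but only a verified file is execed.
run_rater() {
  bin="$(resolve_rater_bin "${SAFESPACE_RATER_BIN:-}" "$SAFESPACE_RATER_SHA256")" || return 1
  exec "$bin" "$@"
}

# Entry point for real use (the --launch flag is this example's convention):
#   SAFESPACE_RATER_BIN=/opt/tools/safespace-rater \
#   SAFESPACE_RATER_SHA256=<digest of the reviewed binary> \
#   sh launcher.sh --launch <safespace-rater arguments>
if [ "${1:-}" = "--launch" ]; then
  shift
  run_rater "$@"
fi
```

The check is deliberately strict about the pin format: an empty or malformed `SAFESPACE_RATER_SHA256` is treated as "no pin" and refused rather than silently accepted, so a missing environment variable cannot degrade the launcher back into trusting whatever is on disk.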

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The wrapper does more than invoke a local auditing tool: if the binary is missing, it automatically builds from the repository or fetches and installs code via `go install ...@latest`, then executes it. That creates a software supply-chain and unexpected code-execution risk that exceeds the stated purpose of auditing local skills, especially because users may not realize the script can modify the system and run newly retrieved code.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The skill is described as auditing and optionally publishing trust scores, but the script also retrieves executable code from a remote source with `go install github.com/vpn2004/SkillVet/cmd/safespace-rater@latest`. This hidden fetch/install behavior broadens the trust boundary and can expose users to compromised upstream packages or unexpected execution paths inconsistent with the declared skill behavior.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill repeatedly states that audit results can be uploaded to the SafeSpace network, but it does not clearly warn that this involves transmitting locally derived metadata or reports off-host, potentially to a public reputation system. In a security-audit context, users may reasonably assume analysis stays local unless explicitly told what data leaves the machine, so the omission creates privacy and confidentiality risk.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The quick-start section presents 'Audit + publish' as a normal workflow but does not include an immediate warning that running it will submit results to a remote network. Because quick-start commands are likely to be copied verbatim, this increases the chance of accidental disclosure of local skill inventory, trust assessments, or report excerpts.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
From the auto-build/install path through the final `exec`, the script can compile repository code, run `make build`, perform `go install`, and then replace itself with the resulting executable without any explicit warning or confirmation. In a skill intended for local auditing, silent execution and system modification make the behavior more dangerous because users are likely to expect analysis, not installation and arbitrary build steps that may run unreviewed build logic.
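
As an added example (not the skill's own code), a pre-install review check that scans a wrapper script for exactly the chain this finding describes: build steps such as `make build` or `go build`, `go install` with or without a version pin, remote fetches, and a final `exec` of whatever was just produced. It fails closed when any are present. The sample wrapper it runs on is constructed for this example and is not the real script; the category names are this example's own.

```shell
#!/bin/sh
# Added example, not the skill's own code: a pre-install review check that
# scans a wrapper script for the behaviours the finding above describes
# (build steps, `go install` with or without a version pin, remote fetches,
# and a final `exec` of whatever was just produced) and fails closed if any
# are present. Category names are this example's own.

# audit_wrapper FILE
# Print one "category<TAB>line<TAB>source" record per hit. Return 0 when the
# wrapper is clean, 1 when anything was found, 2 when FILE is unreadable.
audit_wrapper() {
  file="$1"
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  hits=0
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    # Ignore blank lines and comments so disabled lines do not count as hits.
    lead="${line%%[![:space:]]*}"
    trimmed="${line#"$lead"}"
    case "$trimmed" in ""|\#*) continue;; esac
    kind=""
    case "$trimmed" in
      *"go install "*@latest*)          kind="unpinned-go-install";;
      *"go install "*)                  kind="go-install";;
      *"make build"*|*"go build"*)      kind="build-step";;
      *curl*|*wget*|*"git clone"*)      kind="remote-fetch";;
      exec\ *|*" exec "*)               kind="exec-self-replace";;
    esac
    if [ -n "$kind" ]; then
      hits=$((hits + 1))
      printf '%s\t%d\t%s\n' "$kind" "$n" "$trimmed"
    fi
  done < "$file"
  [ "$hits" -eq 0 ]
}

# write_sample_wrapper FILE: a constructed stand-in for the kind of wrapper
# the finding describes (not the real skill script). It builds or fetches
# when the binary is missing, then execs whatever it produced.
write_sample_wrapper() {
  cat > "$1" <<'EOF'
#!/bin/sh
BIN="${SAFESPACE_RATER_BIN:-}"
if [ -z "$BIN" ]; then
  if [ -f Makefile ]; then
    make build
    BIN=./bin/safespace-rater
  else
    go install github.com/vpn2004/SkillVet/cmd/safespace-rater@latest
    BIN="$(go env GOPATH)/bin/safespace-rater"
  fi
fi
exec "$BIN" "$@"
EOF
}

# Demo on the constructed sample: prints three hits (build-step on line 5,
# unpinned-go-install on line 8, exec-self-replace on line 12) and reports
# that the wrapper needs review before it is installed.
demo_dir="$(mktemp -d)"
write_sample_wrapper "$demo_dir/wrapper.sh"
if audit_wrapper "$demo_dir/wrapper.sh"; then
  echo "wrapper is clean"
else
  echo "wrapper builds, fetches, or execs code at run time; review before installing" >&2
fi
rm -rf "$demo_dir"
```

Run it as `audit_wrapper path/to/skill-wrapper.sh` from a review checklist; a non-zero exit is the signal to read the flagged lines before letting the skill run, and a pinned `go install ...@v1.2.3` still shows up as `go-install` because it is still a fetch-and-run, just a reproducible one.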

VirusTotal

66/66 vendors reported this skill as clean. Note that the scan covers the skill's files as submitted; it says nothing about the code that `go install ...@latest` fetches and runs at install time on the user's machine.