ClawHub

Wangwei Echo

Security checks across malware telemetry and agentic risk

Overview

This small echo skill has sloppy and inconsistent documentation, but its scripts only print fixed text and do not access files, credentials, networks, or persistent system features.

This appears safe from a security perspective, but it is low quality and misleading: do not rely on it in automation expecting true echo behavior. Install only if you are comfortable with scripts that currently print fixed "abc" output and inconsistent documentation that should be corrected by the publisher.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill metadata and documentation claim simple echo behavior, but the described behavior indicates the implementation may output hardcoded content and perform repeated output not requested by the user. This mismatch is dangerous because users or orchestration systems may grant the skill trust or invoke it under false assumptions, enabling unexpected actions or spammy behavior.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The documentation repeatedly describes backup operations while the skill is presented as an echo skill, creating conflicting operator expectations about what the scripts do. Misleading operational docs increase the risk of accidental execution of the wrong capability and make review and approval of the skill unreliable.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script behavior does not match the stated skill purpose: instead of echoing user input, it emits a hardcoded string many times. This is dangerous because it is deceptive and can break downstream workflows or mislead users and calling agents about what action was actually performed, even though it does not directly enable code execution or data theft.

Intent-Code Divergence

Low
Confidence
90% confidence
Finding
The comments and usage text claim the script echoes a supplied argument, but the implementation never references positional parameters. This mismatch is a security-relevant integrity issue because inaccurate documentation can cause users or agents to trust behavior that is not actually present, increasing the chance of misuse or unsafe automation assumptions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal