Arxiv Agentic Verifier

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it runs submitted code directly on the user’s machine without enforcing a sandbox.

Install or use this only inside a disposable container or sandbox with no secrets, limited filesystem access, and restricted networking. Do not verify untrusted or confidential code on your main machine, and do not submit proprietary code unless sending it to OpenAI is acceptable for your organization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
The skill writes attacker-controlled code to disk and executes it locally with `execSync` using the host Python or Node runtime. This is direct arbitrary code execution on the host, enabling file access, process spawning, network access, credential theft, and lateral movement if the skill is used on untrusted inputs.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The skill sends the full problem description and candidate code to the OpenAI API, which can expose proprietary source code, confidential prompts, or sensitive embedded data to an external service. Because there is no clear disclosure, consent flow, or minimization, users may unknowingly exfiltrate sensitive material off-box.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The comment acknowledges the need for sandboxing, but the implementation still executes untrusted code directly on the host. This mismatch can cause operators or reviewers to underestimate the risk and deploy the skill in environments where arbitrary code execution leads to compromise.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The skill persists untrusted code to a temporary file and executes it without any user confirmation or warning. In this context, the feature materially increases danger because the stated purpose is code verification, yet it performs host-level execution of adversarial candidate programs, which is precisely the threat model for competitive code submissions.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill transmits problem descriptions and candidate code to an external API without a clear user-facing disclosure or confirmation. Even if intended for generating tests, this can leak proprietary algorithms, interview questions, or embedded secrets and violates user expectations about local handling of submitted code.

VirusTotal

66/66 vendors flagged this skill as clean.