Json Repair Kit

Security checks across malware telemetry and agentic risk

Overview

This JSON repair skill should be reviewed because it fixes files by executing their contents as JavaScript, which can run unexpected code and rewrite local files.

Install only if you understand that malformed files are treated as JavaScript and executed during repair. Use it only on trusted local files, avoid recursive mode on downloaded or large project trees, keep backups enabled, and review diffs before relying on repaired output. Prefer a JSON5 or JSON repair tool that parses without executing input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill’s stated purpose is JSON repair, but the documented approach parses malformed input by evaluating it as JavaScript in Node’s VM. That materially expands behavior from syntax normalization into execution of attacker-controlled expressions, which can trigger side effects during parsing and makes the tool unsafe for untrusted files; recursive directory repair further amplifies the blast radius.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This code treats malformed JSON as JavaScript and evaluates attacker-controlled content with Node's vm. Even in a separate context, evaluating untrusted expressions is dangerous and unjustified for a JSON repair utility because the input can trigger unexpected code execution behavior, denial of service, or sandbox escape risks depending on runtime behavior and future code changes.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The comment labels vm parsing as a 'safe sandbox', which is misleading because the function still executes untrusted input as JavaScript. This mischaracterization increases risk by encouraging maintainers and users to trust a dangerous design, making unsafe execution more likely to persist or be reused elsewhere.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
In directory scan mode, invalid .json files are automatically rewritten in place once discovered, without a confirmation step or a dry-run warning at the moment of modification. In a bulk-processing skill, this can cause unintended data loss or corruption of many files if the repair logic misparses input, especially since the fallback path executes non-JSON JavaScript-like syntax and then serializes the result.

VirusTotal

66/66 vendors flagged this skill as clean.
