ClawHub

online-file-repair-skills

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uploads a user-selected damaged file to a disclosed third-party repair service, with some bounded local quota state and optional local download behavior users should understand.

Install only if you are comfortable sending the selected file to Tenorshare 4DDiG and its presigned storage backend. Do not use it for confidential, regulated, or highly sensitive files; expect a local daily usage counter and optional local repaired-file output when download mode is requested.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill enforces a hidden local per-day quota by reading and writing `limit.json` in the executable directory, behavior that is unrelated to the core file-repair function and not disclosed in the interface. This creates undeclared stateful behavior on the host, can arbitrarily deny service after a few runs, and may interfere with multi-user or shared environments.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
Although the skill description says it repairs files and provides an output download URL, the code also supports `--download` and writes the repaired file to local disk next to the original input. This expands the skill's side effects beyond the stated contract and can overwrite storage expectations, create sensitive local artifacts, or violate sandbox assumptions.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill uploads the full input file to a third-party service to obtain a repair result, but the code contains no explicit user-facing warning, consent check, or data-classification guard. Because the supported types include sensitive documents, archives, and design files, this can exfiltrate confidential user content outside the local environment.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal