political-struggle-history

Security checks across malware telemetry and agentic risk

Overview

This is a history explanation skill with an optional Tavily web-search mode, not a destructive or deceptive tool.

Safe to install for bundled historical explanations. Only use `--search` when you are comfortable sending the event/query to Tavily and using a Tavily API key; avoid sensitive queries, and keep any Bash use limited to the packaged `scripts/search_views.py` command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The instructions expand a static reference-based history skill into one that executes Bash and calls an external search workflow. This broadens the attack surface: prompt-triggered command execution, dependency on external content, and possible exposure of sensitive query terms or environment configuration to a third-party service.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The skill tells users to set an external API credential for a task that otherwise appears informational. Encouraging credential setup inside a broadly triggered skill increases the risk of accidental secret exposure, misuse of paid API resources, and normalization of entering sensitive tokens for low-risk tasks.

Context-Inappropriate Capability

Severity: Low
Confidence: 84%
Finding:
Authorizing direct Bash troubleshooting beyond the core explanation task permits extra command execution paths not needed for normal use. Even without obvious malicious payloads here, unnecessary shell access increases operational risk and can turn malformed inputs or future script changes into command-execution issues.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The script performs live external searches against Tavily using user-supplied event names, which extends the skill from static historical explanation into networked data retrieval from third parties. This increases the attack surface through data exfiltration, dependency on untrusted remote content, and behavior that is broader than the declared skill purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
The script accesses an API credential from the environment to call an external search provider, introducing a secret-dependent capability not implied by a simple explanatory history skill. While reading an environment variable is common, here it enables outbound data flow and third-party service access that should be tightly scoped and disclosed.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
User-provided event names are embedded into search queries and sent to an external API without any clear notice that the input leaves the local environment. Even if the input is usually historical topics, this still creates a privacy and transparency issue because users may provide sensitive or identifying context.

VirusTotal

64/64 vendors flagged this skill as clean.
