ClawHub

Data Harvester Pro

Security checks across malware telemetry and agentic risk

Overview

The skill does not appear malicious, but it overstates live scraping and market-data capabilities while accepting arbitrary local file paths in batch mode.

Install only if you understand this behaves more like a demo/static-data helper than a reliable scraper or financial research tool. Do not rely on its stock, fund, news, or price outputs for business or investment decisions, and use batch mode only with URL-list files you intentionally created and know contain no sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises file and network-driven behavior via tool dispatch and batch URL processing, but it does not declare corresponding permissions or user-visible safety boundaries. This creates a transparency and control gap: users and the hosting platform may not realize the skill can read local files and access remote resources, increasing the risk of unintended data access or scraping activity.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented purpose is batch scraping for competitor analysis, but the described behavior extends into stock lookups, sector/fund data, news retrieval, local file ingestion, and export workflows that are not cleanly aligned with the declared scope. Scope mismatch is dangerous because it obscures actual capabilities, making it easier to smuggle in data collection, local file access, or market-data functions users did not intend to authorize.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal