Code Security Audit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local security-audit skill, with expected scanning behavior and a few usage caveats around secret output and host permission checks.

Install this only when you want a local security audit. Run it in a private workspace or controlled CI job, because secret-detection matches can appear in terminal output or logs. Set PROJECT_DIR deliberately for tight scope, review the ~/.ssh permission check if host-level checks are unwanted, and avoid using the optional --no-verify bypass guidance as part of a real enforcement workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill heavily instructs the agent to run shell commands such as grep, curl, openssl, npm audit, and filesystem inspection, yet no explicit permissions are declared. That mismatch can cause the skill to be invoked with broader execution capability than users or policy expect, increasing the risk of unintended command execution against local files, repositories, or network targets.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The script inspects ~/.ssh, which is outside the declared project scope and reaches into the user's host environment. Even though it only reads permissions, that expands data access beyond the repository being audited and can expose sensitive host metadata unexpectedly.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The description is very broad and can match many generic requests about audits, reviews, scanning, and compliance. That increases the chance the skill is auto-selected in situations where shell execution, network probing, or secret scanning was not intended, which expands exposure and may surprise users.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```bash
fi
done

[ $EXIT_CODE -ne 0 ] && echo "Use --no-verify to bypass (not recommended)"
exit $EXIT_CODE
```
Confidence
74% confidence
Finding
--no-verify

VirusTotal

66/66 vendors flagged this skill as clean.
