Clawl Register

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated registration purpose, but it sends agent metadata to an undocumented default service and can overwrite a local clawl.json without the promised confirmation.

Review before installing or running. Use this only when you intend to publish agent metadata, inspect the generated clawl.json first, and run it in a directory where overwriting clawl.json is acceptable. Set CLAWL_API explicitly if you require registration to go to a specific Clawl-controlled host.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium (94% confidence)

Finding
The script’s comments and help text state that gateway URLs were removed for security, yet runtime logic still references `opts.gateway` when deciding whether to ping a remote URL. This inconsistency can mislead operators and reviewers into believing gateway-based registration is disabled, while a crafted or legacy `--gateway` option could still trigger outbound requests to attacker-controlled infrastructure, creating SSRF-like or unintended network interaction risk.

Vague Triggers

Medium (93% confidence)

Finding
The trigger text is overly broad, especially phrases like 'Also use when asked about Clawl, agent discovery, or clawl.json,' which can cause the skill to activate in conversations that are merely informational rather than requesting registration. That increases the chance of unsolicited file generation, local metadata collection, or outbound network actions in contexts where the user did not intend those operations.

VirusTotal

66/66 vendors flagged this skill as clean.
