Netmap

Security checks across malware telemetry and agentic risk

Overview

This is a coherent network-mapping skill, but it automatically sends local device MAC addresses to an outside vendor lookup service without clearly warning the user.

Install only if you are comfortable with local network inventory being stored on disk and MAC addresses being sent to api.macvendors.com for vendor lookup. Use it only on networks you own or administer, avoid sudo unless needed, and consider removing or disabling the online vendor lookup before use in privacy-sensitive environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
VENDOR_CACHE_FILE = Path.home() / '.config' / 'netmap' / 'vendor_cache.json'
DB_FILE.parent.mkdir(parents=True, exist_ok=True)

NMAP_PATH = subprocess.run(['which', 'nmap'], capture_output=True, text=True).stdout.strip() or 'nmap'


def load_vendor_cache():
Confidence
82% confidence
Finding
NMAP_PATH = subprocess.run(['which', 'nmap'], capture_output=True, text=True).stdout.strip() or 'nmap'

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes shell commands, performs network scanning, and reads/writes a persistent device database, yet no permissions are declared. That creates a transparency and consent gap: an agent or user may trigger network enumeration and local persistence without an explicit capability warning, which is risky for privacy-sensitive environments and can violate least-privilege expectations.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented behavior understates what the skill actually does: contacting an external vendor lookup service can leak MAC-address-derived device information off-host, and deep port scanning materially increases the intrusiveness of the operation beyond simple discovery. This mismatch undermines informed consent and can expose sensitive network inventory data or trigger policy violations in managed environments.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill is presented as a local-network mapper, but it sends observed MAC addresses to a third-party service for vendor lookup. That leaks internal network metadata off-device without explicit disclosure or consent, which is especially sensitive because MAC addresses and device inventories can help fingerprint a home or office environment.

Context-Inappropriate Capability

Low
Confidence
86% confidence
Finding
The subnet detection method opens a network connection toward 8.8.8.8 to infer the local interface, creating outbound traffic that users would not reasonably expect from a local scanner. While it does not transmit the full device inventory, it still violates the expectation of purely local operation and can leak usage/network metadata.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill maintains a persistent inventory of devices, including identifiers and timestamps, but the description does not clearly warn users about this ongoing local data retention. Persistent network inventories can reveal household or office topology, device ownership patterns, and presence history, increasing privacy risk if the file is later accessed by other local processes or users.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script transmits MAC-derived metadata to an external vendor-lookup API without user warning or opt-in. In a network inventory tool, this is dangerous because it silently exposes information about devices present on the local network to a third party.

VirusTotal

66/66 vendors flagged this skill as clean.
