senior-java

Security checks across malware telemetry and agentic risk

Overview

This mostly behaves like a Java/Spring development toolkit, but its listing metadata claims unrelated purchase/crypto capabilities and some generated guidance needs careful review before use.

Review before installing. Use the tools only in a version-controlled or fresh output directory because generated files may overwrite existing code. Do not rely on the listing's purchase/crypto capability tags without publisher clarification, and harden any copied actuator, metrics, GC log, or JFR examples before using them in production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill advertises and instructs use of multiple Python scripts that can read/write files, invoke shell commands, and access network resources, yet it declares no permissions or capability constraints. This creates a transparency and enforcement gap: an orchestrator or reviewer may treat the skill as low-risk while it can scaffold projects, analyze local files, profile endpoints, and potentially modify the workspace or contact external services.

Missing User Warnings

Medium
Confidence: 92%
Finding: The guide recommends exposing Spring Boot observability endpoints and enabling GC/JFR recording/log files, but it does not warn that metrics, profiling artifacts, and exposed actuator endpoints can leak sensitive operational details if left broadly accessible in production. In an enterprise Java/Spring skill, this omission is more dangerous because readers may copy the configuration directly into internet-reachable services, increasing the chance of information disclosure and attack surface expansion.

VirusTotal

67/67 vendors flagged this skill as clean.