ClawHub

Mrc Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it monitors canteen token status, sends readiness notifications, and exits after completion or a bounded timeout.

Install only if you want a background monitor that polls the MRC Firebase order database every 15 seconds and posts updates to your current channel. Use clear commands like "mrc 73" and clear the local logs if token numbers or channel IDs are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to spawn a shell-accessing Python process and perform network access to Firebase, but the manifest declares no corresponding permissions. This creates a capability mismatch that can bypass expected policy review and increases the risk of unvetted code execution and outbound communication under the guise of a simple monitoring skill.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger logic says to act when the user sends any command containing canteen tokens, and the quick-start flow immediately extracts numbers and starts monitoring. In practice this is broad enough to activate on unrelated messages containing numbers, causing unintended background jobs, unnecessary Firebase polling, and notifications in the user's channel.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The instruction to extract all numbers from the user message is unsafe because it can capture unrelated numeric data such as dates, counts, phone fragments, or IDs and pass them as monitored tokens. That can trigger unwanted monitoring requests, increase load on the backend, and potentially expose status information for tokens the user did not intend to query.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal