ClawHub

CAN: Clock Address Naming

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent local hashing and logging guide; its main risk is that it can leave persistent records or cached tool outputs on the user's machine.

Install this only if you want agents to keep a local audit trail of hashes, timestamps, labels, and possibly cached payloads. Treat ~/.can as persistent local memory: avoid logging secrets, credentials, personal data, or sensitive MCP/API results unless you intend to retain them and can delete or protect them later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill positions itself as general 'Agent & MCP integration' and describes broad logging behavior without defining when it should activate, what tools or data classes it applies to, or what user approval boundaries exist. In an agent environment, ambiguous scope can cause the skill to attach to arbitrary MCP results and silently persist sensitive tool outputs, increasing the chance of unintended collection and misuse.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs agents to append hashes, timestamps, and semantic labels for tool outputs into a persistent local file under ~/.can/index.tsv, but provides no warning, consent mechanism, retention policy, or safeguards around what may be logged. Even if raw payloads are not directly written in every example, metadata and labels can still reveal sensitive activity, and implementers may extend the pattern to store raw MCP results or cache them alongside the index.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal