Dessix Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives an agent direct read/write/delete access to a local Dessix workspace with limited confirmation guidance.

Install only if you want your agent to access your local Dessix workspace. Treat this as write-capable access: use read-only searches first, confirm exact block or workspace IDs, review proposed changes, and require explicit approval before create, update, delete, or restore commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium, 82% confidence

The reference exposes create, update, delete, and restore operations on workspace blocks without clearly reflecting those destructive capabilities in the higher-level description. This can mislead users or downstream agents into treating the skill as primarily read-oriented, increasing the chance of unintended data modification or deletion in a local desktop workspace.

Missing User Warnings

Medium, 87% confidence

The README explicitly promotes direct programmatic access to a local Dessix workspace and tool invocation, but does not warn that these operations may read, modify, or trigger actions affecting local user data and workspace state. In a local desktop-integrated skill, lack of safety guidance can lead users or downstream agents to invoke tools with broad trust assumptions, increasing the risk of unintended data access or destructive workspace changes.

Vague Triggers

Medium, 84% confidence

The skill description is very broad and encourages direct programmatic access to a local Electron bridge, which can cause agents to invoke it in routine automation contexts without clearly understanding trust boundaries or data sensitivity. Because the bridge exposes local workspace read and write operations, ambiguous triggering increases the chance of unintended access or modification of user data.

Missing User Warnings

Medium, 93% confidence

The document includes concrete create and update workflows for local workspace blocks but does not require explicit user consent or a prominent warning before modifying persistent local data. In an agent setting, this can lead to silent or mistaken writes to the user's Dessix workspace, potentially overwriting content, creating misleading blocks, or corrupting local project state.

Missing User Warnings

Medium, 91% confidence

The documentation lists destructive block operations such as delete alongside normal read/write tools without any warning, safety note, or confirmation requirement. In this skill's context—direct programmatic access to a local Dessix desktop workspace—an agent could invoke these tools and modify or remove user content with little friction, making accidental or policy-violating actions more likely.

VirusTotal

VirusTotal findings are pending for this skill version.