Clawhub Mirror

Security checks across malware telemetry and agentic risk

Overview

This mirror tool appears purpose-built, but it can redirect future ClawHub activity to alternate registries and has mismatched, under-scoped setup instructions.

Install only if you intentionally want ClawHub traffic and future skill operations routed through the listed mirror domains. Before running it, inspect the actual Python mirror lists, avoid adding any loader to your shell profile until you trust the selected endpoint, and be prepared to remove ~/.clawhub mirror config or reset CLAWHUB_SITE and CLAWHUB_REGISTRY if behavior changes unexpectedly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes capabilities to write files, modify environment variables, access the network, and invoke shell/PowerShell scripts, but there is no declared permissions model or explicit capability disclosure. This is dangerous because users may run a skill that persistently changes their shell environment and fetches configuration from network mirrors without informed consent or review.

Context-Inappropriate Capability

Medium
Confidence
76% confidence
Finding
A mirror configuration tool should not automatically execute the external `clawhub` CLI as part of setup, because this expands the tool's behavior from configuration into code execution of another program. In a hostile or compromised environment, a trojanized `clawhub` earlier in PATH could be run unexpectedly, turning a benign config step into arbitrary code execution under the user's privileges.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill is designed to prioritize China-based mirrors by default and does not present this as an opt-in choice, even though mirror selection affects trust boundaries, content provenance, and possible traffic routing through different operators. This increases supply-chain risk because users may unknowingly install packages from third-party mirrors instead of the official source.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The markdown states that the skill will automatically save persistent mirror configuration, but it does not prominently warn users that it will create files under the user profile and influence future sessions. Persistent configuration changes are risky because they can silently redirect future package operations to alternate registries long after the initial run.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The instructions tell users to modify their PowerShell profile to auto-load a script on every shell startup, but they do not clearly warn that this creates a persistent execution hook. This is more dangerous in context because the auto-loaded script comes from a user-writable directory and can alter environment variables or behavior for all future PowerShell sessions, creating a durable local persistence and tampering vector.

VirusTotal

67/67 vendors flagged this skill as clean.
