Cache

Security checks across malware telemetry and agentic risk

Overview

This is a local cache tool with disclosed cache mutation and plaintext storage behavior, not hidden or malicious behavior.

Install only if you are comfortable with a local plaintext cache under ~/.cache-tool. Avoid storing API keys, tokens, or sensitive session data, export only to paths you intend to overwrite, and treat import files as trusted because imported keys can replace existing cache entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The skill accepts user-controlled --output and --input paths and then opens those paths directly for writing or reading, allowing access to arbitrary files on the local filesystem within the agent's permissions. In an agent context, this exceeds the narrow 'local cache store' purpose and can be abused to overwrite sensitive files, exfiltrate data by importing readable files, or interact with unintended locations via symlinks.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding:
The export/import feature is broader than necessary for basic cache management because it permits arbitrary file reads and writes rather than operating only on cache-owned files. That mismatch increases risk in an automated environment where the agent may be induced to access unintended files under the guise of cache operations.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The documented `flush` and `delete` operations are destructive, yet the skill text provides no warning, dry-run option, or confirmation requirement. In an agent context, terse examples can normalize unsafe invocation and make accidental mass deletion of cached data more likely, especially for pattern-based flushes.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The notes state that `import` overwrites existing keys, but there is no strong warning or safer default behavior described. This can lead to silent data loss or cache poisoning of expected values if a user imports stale or untrusted data, and the risk is higher because the cache is persistent and local.

VirusTotal

64/64 vendors flagged this skill as clean.