ClawHub

Clipbox

Security checks across malware telemetry and agentic risk

Overview

ClipBox is a local snippet and activity logger that saves user-entered text on disk, with no evidence of network access, credential use, hidden execution, or destructive behavior.

Install only if you are comfortable with ClipBox saving anything you enter into local log files under ~/.local/share/clipbox. Do not store passwords, API keys, private keys, confidential code, or sensitive notes unless you are prepared to manage and delete those files yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The implementation materially diverges from the declared purpose: instead of a snippet storage/retrieval tool, it exposes a broad pseudo-devtools interface. This kind of capability/description mismatch is dangerous because it can mislead users and host systems about what the skill actually does, reducing scrutiny and enabling inappropriate invocation or data handling under false expectations.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The large set of unjustified developer-tool-style commands expands the apparent attack surface and creates ambiguity about what the skill is authorized to do. Even though these commands currently only log input, the mismatch makes the skill more dangerous in context because users may provide sensitive code, commands, tokens, or diagnostic data to functions that are unrelated to snippet management.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
Labeling the script as a 'devtools toolkit' while the manifest presents it as a snippet organizer is a trust and transparency failure. This inconsistency can cause operators or automated reviewers to classify the skill incorrectly, which may lead to unsafe deployment decisions and less informed user consent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly records user-supplied input to local log files with timestamps, but it does not prominently warn users that anything they enter may be persisted on disk. In a snippet/code-template context, users may paste secrets, tokens, internal code, or sensitive incident notes, creating unintended local data retention and later exposure through search/export features.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
User-supplied input is written verbatim to persistent log files in the user's home directory without explicit notice, consent, retention limits, or redaction. In this skill context, users may reasonably paste reusable code fragments, commands, secrets, or internal text snippets, so silent persistence increases the risk of local sensitive-data exposure far beyond what the manifest suggests.

VirusTotal

47/47 vendors flagged this skill as clean.

View on VirusTotal