ClawHub

Lockout

Security checks across malware telemetry and agentic risk

Overview

This looks like a local lockout/tagout record manager with some under-documented local persistence, not evidence of malicious behavior.

Install only if you are comfortable with the skill keeping local lockout/tagout records and configuration on disk. Before using it for operational safety records, confirm where it stores data, how remove/export behave, and whether your organization requires stricter retention, review, or audit controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The implementation materially exceeds the stated purpose of a lockout/tagout procedure manager by acting as a generic local log and configuration tool. This kind of scope mismatch is dangerous because users or orchestrating agents may grant trust based on the declared safety-focused purpose while the script actually stores arbitrary content, edits config, and exports data, increasing the chance of unintended data handling and misuse.

Context-Inappropriate Capability

Low
Confidence
87% confidence
Finding
The generic configuration store is unrelated to the advertised lockout-task management function and creates an unnecessary write surface. Even though it is local-only, it can be used to persist arbitrary key/value data under the trusted application directory, which broadens behavior beyond user expectations and can enable abuse by higher-level agents or workflows.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation advertises state-changing operations like add, remove, config, and export without warning that they can modify persistent local data or write files to disk. In an agent context, this increases the risk of unintended data loss, accidental overwrites, or exporting sensitive operational records if a user request is interpreted too broadly.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The script performs persistent configuration writes immediately when `config <key> <value>` is invoked, without prior warning about where data is stored or what will be changed. In an agentic context, silent persistence is risky because users may believe they are performing a transient action while the tool modifies on-disk state that can affect later runs or leak operational details.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal