ClawHub

Math Solver

Security checks across malware telemetry and agentic risk

Overview

This math skill includes a normal math helper, but it also ships an unrelated local data utility that can store user input on disk.

Review before installing. The math-specific script appears purpose-aligned, and there is no evidence of network exfiltration or credential theft, but the bundled generic utility can leave local records of user input. Avoid entering private information unless you have confirmed which script the installed command runs and are comfortable with local persistence under the math-solver data directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill is presented as a math-solving and tutoring tool, but the analysis indicates it also exposes unrelated data-storage and record-management capabilities such as adding, listing, searching, removing, and exporting local entries. That mismatch is dangerous because users and calling systems may grant trust, permissions, or route sensitive content to the skill under the assumption it only performs math tasks, while hidden persistence features can collect or exfiltrate data beyond the declared scope.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script’s implemented behavior materially diverges from the declared purpose of a math-solving educational tool and instead functions as a generic local data manager with persistent storage and logging. This mismatch is dangerous because users and hosting platforms may grant trust, permissions, or install the skill under false expectations, enabling covert data collection or abuse of a misleading capability surface.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The file header and help text explicitly describe a “Multi-purpose utility tool,” which contradicts the declared math-solver identity. Such contradictory documentation increases the risk of deceptive packaging and user confusion, making it easier to hide unintended data-handling functionality behind an innocuous educational label.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The logging helper persistently records command activity to a history file without clear disclosure in the visible description or help output. Undisclosed retention of user actions can expose sensitive inputs, create privacy risk on shared systems, and violate user expectations for a seemingly simple math assistant.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The add command writes arbitrary user-provided content into a persistent local database file, but the tool does not clearly tell users that their inputs will be stored. In the context of a purported math-solving skill, this undisclosed persistence is particularly risky because users may enter problem text, notes, or other potentially sensitive content assuming it is ephemeral.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal