Orders

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local order tracker that stores and changes order records on the user's machine as described.

Install only if you want an agent-accessible local order file at ~/.orders/orders.json. Treat the stored records as business data, avoid putting secrets in order notes, and confirm order IDs before using update or cancel commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill advertises shell commands that write persistent data to `~/.orders/orders.json`, but the metadata does not declare any permissions or clearly signal that it performs local file writes. This can mislead a host or user about the skill's capabilities and weakens informed consent and policy enforcement around filesystem access.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding: The description is broad enough that an agent may invoke this skill for many generic order-related requests without clear boundaries or confirmation, increasing the chance of unintended execution. Because the skill can create, update, and cancel persisted orders, over-broad activation can lead to unauthorized or accidental state changes in local data.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The documentation explicitly supports updating and canceling orders stored in a local JSON file, but it does not warn that these commands permanently modify persisted local state. In an agent setting, this lack of warning raises the risk of accidental destructive actions and reduces user awareness of data integrity consequences.

VirusTotal

66/66 vendors flagged this skill as clean.
