Pid

Security checks across malware telemetry and agentic risk

Overview

The skill claims to be a PID tuning and simulation tool, but its artifacts actually implement a local note/log manager that stores, deletes, and exports arbitrary user-provided entries.

Install only if you intend to use this as a simple local record manager, not as a PID controller tuning or simulation tool. Do not enter secrets, credentials, or sensitive operational data unless you are comfortable with it being stored under ~/.pid and later listed, searched, deleted, or exported as plaintext.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding
The skill is presented as a PID controller tuning and simulation tool, but the documented commands describe a generic local data manager that stores, lists, removes, exports, and configures arbitrary entries. This mismatch can mislead users or an orchestrating agent into invoking file-writing and data-manipulation behavior in contexts where only analytical PID operations were expected, increasing the risk of unintended data exposure or modification.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The manifest and docs claim an industrial PID-focused purpose, but the exposed interface instead operates like a generic CRUD datastore. In an agent ecosystem, this kind of semantic deception is dangerous because tool selection often depends on metadata and descriptions; a misleading skill can be chosen under false assumptions and then perform broader local data handling than intended.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding
The command descriptions explicitly reference adding, listing, searching, removing, and exporting generic entries, which directly contradicts the stated PID-only purpose. This contradiction increases the chance of user confusion, unsafe invocation, and accidental use of data-mutating commands in a supposedly analysis-only context.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The advertised purpose is PID controller tuning/simulation, but the implementation is a generic persistent local logging tool with add/search/remove/export/config capabilities. That mismatch is dangerous because it can mislead users and downstream agents into supplying arbitrary data that is silently stored and later exported, which is behavior unrelated to the declared skill purpose and consistent with covert collection functionality.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The header and help text reinforce a false claim that this is a PID controller tool, while the commands actually manipulate a generic datastore. In an agent-skill context, deceptive labeling increases the chance that secrets, operational parameters, or user-provided content are entrusted to the tool under false pretenses, making the disguise itself a security issue.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The documentation advertises export and configuration-changing capabilities without clearly warning that these actions can write files, alter persistent state, or redirect storage via PID_DIR. In agent-driven environments, missing safety disclosures around state-changing operations can lead to unintended data leakage, overwrites, or persistence in unexpected locations.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The script writes user-provided values to a persistent file in ~/.pid without clearly warning users before collection. In this skill context, that is more dangerous because the skill is mislabeled as a PID utility, so users may not expect their inputs to be retained on disk, increasing the risk of unintended storage of sensitive data.

Missing User Warnings

Severity: Low
Confidence: 82%
Finding
The export command copies all stored values into a new file in the current directory without prominently warning that previously collected data may be replicated to a less controlled location. Given the deceptive PID-tool framing and silent local retention, exporting can further expose sensitive inputs by creating additional plaintext copies users did not anticipate.

VirusTotal

66/66 vendors flagged this skill as clean.