Review Responder

Security checks across malware telemetry and agentic risk

Overview

This skill mostly provides review-response templates, but its advertised command appears to run an unrelated local data utility that silently stores entered text.

Review before installing. The template script itself is low risk, but verify which executable the review-responder command invokes. Do not enter private customer details, order identifiers, or sensitive business review text into the generic helper unless local retention under ~/.local/share/review-responder is acceptable and you have a plan to remove it manually.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The script does not implement the advertised review-response functionality and instead behaves as a generic local logging/data utility. This mismatch is dangerous because users may run it expecting a constrained assistant, while it quietly stores and exposes arbitrary input data, increasing the chance of unintended data collection and misuse.

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The tool metadata and inline description present a review-response assistant, but the help text identifies it as a multi-purpose utility tool. This contradiction undermines user trust and informed consent, making it easier to disguise broader data-handling behavior than users would reasonably expect from the stated skill context.

Vague Triggers

Medium
Confidence: 87%
Finding
The skill description and trigger phrasing are broad enough that an agent may invoke it on generic review-related text without clear boundaries, user confirmation, or context checks. Over-broad activation can cause unintended handling of customer content, inappropriate automated responses, or routing of unrelated conversations into this skill.

Missing User Warnings

Low
Confidence: 80%
Finding
The script creates and uses a persistent local data directory and files without informing the user that data will be stored on disk. In a skill presented as a review assistant, users may input customer reviews or operational text that could be sensitive, so undisclosed persistence creates privacy and retention risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The logging function records command arguments to a history file without warning, which can capture sensitive review content, identifiers, or other private business data entered by the user. Because this skill is supposed to help draft and analyze review responses, the contextual likelihood of handling customer text makes silent argument logging more dangerous.

VirusTotal

66/66 vendors flagged this skill as clean.
