Validator

Security checks across malware telemetry and agentic risk

Overview

This is a real validator tool, but it can make outbound URL/DNS requests and has unsafe file-name handling that could execute unintended code.

Install only if you are comfortable with this skill making outbound HTTP requests and DNS lookups for supplied URLs/domains. Do not use the JSON or YAML file validators on untrusted or oddly named files until the script is fixed to pass filenames through argv or environment variables instead of embedding them into Python code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill exposes shell execution and environment access capabilities via documented script commands, but it does not declare any permissions. This creates a transparency and policy-enforcement gap: systems or users may treat the skill as low-risk while it can invoke local commands and potentially make networked checks through helper tools.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The stated purpose emphasizes simple input-format validation, but the documented behavior also includes file parsing, credit-card processing, outbound HTTP checks with curl, and DNS lookups with dig. This mismatch can mislead users and security controls about the true attack surface, especially where network access or sensitive data handling would otherwise require additional scrutiny.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The URL validator performs a live HTTP request with curl after format validation, which turns a local validation action into outbound network activity. This can leak user-supplied URLs to external systems, trigger unintended requests to internal or sensitive endpoints, and create SSRF-like behavior if an upstream agent passes untrusted input.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Outbound HTTP requests on attacker-controlled input are dangerous because they can be used to probe arbitrary hosts, including internal services, metadata endpoints, or otherwise inaccessible resources. Even though the script only reports status codes, the network side effect itself is enough to enable SSRF-style scanning and privacy leakage in agent environments.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The domain validator performs DNS resolution, which exceeds offline format validation and causes external network interaction on user-controlled input. While lower risk than full HTTP fetching, it still leaks queried domains, can aid reconnaissance, and may be unexpected in constrained or privacy-sensitive environments.

Missing User Warnings

Low
Confidence
84% confidence
Finding
URL validation is documented as a validation operation, but it may perform an outbound HTTP check when curl is available. That can trigger unintended requests to attacker-controlled or internal endpoints, creating SSRF-like risk, metadata leakage, or surprising network side effects from what appears to be a harmless local validation step.

Missing User Warnings

Low
Confidence
82% confidence
Finding
Domain validation may perform DNS lookups, but the documentation does not clearly warn users about this network behavior. Even a DNS query can leak sensitive target names, interact with attacker-controlled infrastructure, or surprise users who expected only local format validation.

Missing User Warnings

Low
Confidence
94% confidence
Finding
The script issues network requests during URL validation without explicit warning or consent, which is unsafe for a tool presented as an input validator. Hidden network behavior increases the chance that users or higher-level agents will unknowingly send sensitive or internal URLs to external destinations.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The DNS lookup occurs silently as part of domain validation, creating undisclosed outbound traffic. In agent or enterprise environments, even simple DNS queries can disclose sensitive targets or violate expectations about offline validation tools.

VirusTotal

64/64 vendors flagged this skill as clean.