Valuation

Security checks across malware telemetry and agentic risk

Overview

This skill is presented as valuation modeling, but the artifacts show a local plaintext logging tool that can retain sensitive financial notes and has misleading command behavior.

Treat this as a local logging utility, not a valuation modeler. Do not enter confidential company financials, deal terms, board directives, client data, or regulated information unless persistent plaintext files under ~/.local/share/valuation are acceptable and managed separately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The manifest and description present this as a financial valuation skill, but the documented behavior is actually a generic local logger that stores arbitrary input, supports search, and exports accumulated data. This mismatch is dangerous because users may provide confidential valuation assumptions, company financials, or board-sensitive notes expecting modeling functionality, while the skill instead persists that data in plaintext and broadens exposure through history, search, and export features.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill is represented as a DCF/comparable-analysis tool, but nearly all documented commands are for append-only logging, searching, and exporting data. In a security context, deceptive or misleading capability claims are risky because they can induce users or higher-level agents to route sensitive business information into a persistence layer they did not intend to use.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The 'When to Use' and example guidance encourage users to record valuation runs, discount rates, portfolio revaluations, and similar sensitive business content, but the documented implementation only logs and exports those entries. This increases the chance that confidential financial information, strategic assumptions, or compliance-related notes are stored in plaintext without users realizing the operational and privacy consequences.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script does not implement the advertised valuation functionality and instead acts as a generic local input logger/search/export utility. This mismatch is dangerous because users may provide sensitive financial, strategic, or client data under the assumption it is being processed for valuation, while the tool silently persists that data to disk in plaintext.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The help text advertises `export <fmt>` as a data export feature, but the first `export)` dispatch branch only logs arbitrary user input and prevents the later `_export` branch from ever being reached. This deceptive behavior can cause users to enter export-related arguments or data expecting file conversion while the tool instead stores them persistently, increasing accidental data retention risk.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The help text presents `status` as a health-check command, but the first `status)` branch logs arbitrary input and shadows the later `_status` implementation. This inconsistency is risky because users may provide diagnostic or environment details expecting status output, but the tool instead writes those details to local logs without clear disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly stores entries locally and supports export, yet it does not warn that potentially sensitive company-specific valuation data may be written in plaintext to predictable files and later exported wholesale. In the context of valuation workflows, inputs may include nonpublic financial metrics, forecasts, discount rates, and investor-facing materials, making silent plaintext persistence a meaningful confidentiality risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
User inputs are written verbatim to log files under `~/.local/share/valuation` across many commands, with no consent, masking, retention limit, or warning in the help output. In the context of a valuation skill, inputs are likely to contain confidential company financials, projections, deal terms, or client information, making plaintext persistence materially sensitive.

VirusTotal

54/54 vendors flagged this skill as clean.
