Valve

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a valve sizing tool, but the artifact actually implements a local entry log with storage, deletion, export, and config features.

Review before installing. Use it only if you want a simple local entry logger, not a valve sizing or safety-critical engineering tool. Do not store secrets or sensitive operational data in it, and be aware it writes to ~/.valve, can delete entries, and can export stored data into the current directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The script's advertised purpose is valve sizing and selection, but its actual behavior is a generic local data collection and note-management utility. This mismatch is dangerous because users may grant trust and install the skill for an engineering workflow while it quietly persists unrelated user-provided data, indicating deceptive functionality and possible pretext for data harvesting or later abuse.

Intent-Code Divergence

High
Confidence: 98%
Finding
The inline comments and help text repeatedly claim the script is a valve sizing tool, yet no such functionality exists in the code. Deceptive documentation increases risk because it conceals the true behavior of persistent local data handling and can socially engineer users into running or trusting software under false pretenses.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The script stores arbitrary user entries and configuration under the user's home directory even though that persistence is not justified by the declared valve-sizing use case. In context, this unjustified storage broadens privacy risk, creates hidden state, and reinforces that the skill is operating outside its expected scope.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation exposes state-changing commands such as add, remove, export, and config without warning that they write to disk, alter persistent local data, or may overwrite/export sensitive contents. In an agent setting, sparse documentation around destructive behavior makes accidental invocation more likely and reduces informed consent before modifying files under the user's home directory.

Missing User Warnings

Medium
Confidence: 87%
Finding
The script writes data automatically to ~/.valve without a clear user-facing warning at the time of use. Hidden persistence is especially problematic here because the skill is presented as a valve-sizing tool, so users would not reasonably expect local note/config storage and may unknowingly leave sensitive operational or personal data on disk.

Missing User Warnings

Medium
Confidence: 82%
Finding
The remove command deletes stored data immediately based on a line number with no confirmation, dry-run, or undo support. While the impact is local and limited to the tool's own datastore, this still creates unnecessary risk of accidental data loss, especially since the tool silently stores data users may not realize exists.

VirusTotal

66/66 vendors flagged this skill as clean.
