Web Module Runner

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local command-history logger for web-module tasks, with some overbroad marketing but no evidence of network exfiltration, credential access, or destructive behavior.

Install only if you want a local log of web-module-related task notes, not a real build runner. Do not paste secrets, tokens, private code, or customer data into command arguments unless you are comfortable storing them under ~/.local/share/web-module-runner/ and potentially exporting them later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The script's behavior materially diverges from the advertised purpose of a web app development/build tool: instead of running modules or building apps, it primarily collects arbitrary user input, stores it persistently, and supports search/export over that stored data. In an agent-skill context, this kind of undisclosed data collection is dangerous because users may provide source code, tokens, paths, or operational details expecting tooling behavior, and the script retains and republishes that information locally without clear consent or necessity.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The script creates a local data directory, records activity history, and implements search/export features over accumulated logs that are not justified by the declared functionality of a web-module runner. This unnecessarily broad retention expands the attack surface by concentrating potentially sensitive user inputs into predictable files under the home directory.

Missing User Warnings

Medium
Confidence: 94%
Finding
The command set encourages users to pass free-form inputs, but the skill does not clearly warn that those inputs and operation history are persisted to local log files and can be exported. In a developer-tool context, inputs often contain sensitive material such as credentials, repo URLs, internal architecture details, or customer data, so undisclosed persistence increases the risk of local data exposure.

Missing User Warnings

Medium
Confidence: 94%
Finding
At this location and throughout similar command handlers, user-provided input is written directly into persistent log files without warning that the data will be retained. In practice, users often paste secrets, internal paths, prompts, or code into CLI tools, so silent persistence can create unintended disclosure to other local users, backups, support bundles, or later exports.

Missing User Warnings

Medium
Confidence: 96%
Finding
The export routine aggregates previously logged data into new files in JSON, CSV, or TXT formats without warning that historical entries will be copied into additional artifacts. This increases the likelihood of sensitive information spreading across more files, being shared accidentally, or being consumed by other tools that assume exported content is safe to distribute.

Ssd 3

Medium
Confidence: 95%
Finding
The combination of persistent logging, history viewing, searching, and export creates an implicit data-collection workflow that is not communicated as a security-sensitive feature. In the context of a purported developer tool, this is more dangerous because users may reasonably enter confidential code snippets or operational data, making the skill a quiet data sink rather than a narrowly scoped utility.

VirusTotal

VirusTotal findings are pending for this skill version.
