PowerfulHarp2041

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support test-effort estimation and Excel export, with no verified evidence of hidden or harmful behavior in the available materials.

Before installing, inspect the bundled script and references and only run it on explicit project requirement inputs. Confirm it does not recursively scan unrelated directories or package local files into archives.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 82%
Finding
The skill instructs the agent to read bundled reference files and invoke a local script, but it declares no permissions. That mismatch obscures the skill's actual capabilities and weakens consent and policy enforcement around filesystem access. In this context the risk is elevated because the skill is framed as a simple estimation/export tool, so undeclared file access is unexpected and could be expanded or abused by underlying implementation code.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding
A description-behavior mismatch is a serious integrity problem: the skill claims to estimate test effort and export results, but the flagged behavior indicates packaging arbitrary directories, walking the filesystem, and relying on hardcoded sample inputs instead of user requirements. If accurate, that enables unauthorized collection and exfiltration of local files under the guise of a business workflow, which is far more dangerous than the declared purpose suggests. The context makes this more dangerous because users would reasonably trust this skill with requirements documents, not broad filesystem traversal or archive creation.

VirusTotal

62/62 vendors flagged this skill as clean.
