minium-test-generator

Security checks across malware telemetry and agentic risk

Overview

This is a local Minium test-generation helper with privacy and scope caveats, but its file access and code generation are disclosed and fit its purpose.

Reasonable to install for Minium test generation. Before using it, redact sensitive values from recorded scripts, provide only the intended test directory, review generated diffs before running them, and remove or ignore the bundled .idea Sweep auto-approval file if you use that IDE assistant.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to read existing project files, inspect directory structures, and create or append files, but it does not declare any permissions for file access. This creates a transparency and policy-bypass risk because the agent may perform file read/write operations users or hosting systems did not clearly authorize through the manifest.

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The declared description says the skill converts Minium recordings into test cases and page objects, but the body also describes validation workflows, checklist/report generation, and codebase inspection behaviors not reflected in the declared purpose. This mismatch can mislead users and automated governance systems about what the skill will actually do, reducing informed consent and weakening review controls.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases are broad enough to activate on common requests such as generating test cases or parsing scripts, without strong constraints that the user is specifically invoking this skill. Overbroad activation can cause unintended handling of user content and unnecessary file-oriented workflows in contexts where the user did not mean to invoke this particular behavior.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The primary trigger section includes ambiguous activation conditions like 'help me generate test cases' and direct pasted code, which are common across many benign development tasks. This increases the chance of accidental invocation and can lead the agent to request paths, inspect directories, or propose file writes outside the user's actual intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide explicitly tells users to copy and send the full recorded `.py` script into chat, but it provides no warning or redaction guidance for secrets, tokens, internal URLs, test accounts, cookies, or business data that may be embedded in recorded automation scripts. Because this skill is specifically designed to ingest exported test scripts, the context increases the likelihood that users will share sensitive code or environment-specific data, making accidental data disclosure a realistic risk.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
  <component name="dev.sweep.assistant.components.SweepConfig">
    <option name="autoApprovedTools">
      <set>
        <option value="list_files" />
        <option value="read_file" />
Confidence
95% confidence
Finding
autoApprove

VirusTotal

63/63 vendors flagged this skill as clean.
