Construction PM

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent construction project tracker, but it interpolates ordinary email and job text into inline Python, so that input can end up executed as Python code on the user's machine.

Review before installing. Do not use this version on untrusted emails, copied customer messages, or externally supplied job text until the scripts pass input to Python safely (as data, not as source). If installed anyway, keep the data directory private, avoid putting secrets in job notes, review briefings before sharing them, and make sure python3 is available, since the skill depends on it without declaring it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding: The skill documentation instructs the agent to write files and initialize a local JSON database, but the metadata declares no permissions or environment/config requirements. This mismatch can cause the platform or user to authorize and run a skill with broader effective capabilities than are transparently declared, increasing the risk of unintended filesystem modification or writing to sensitive paths when custom output locations are used.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The script embeds raw email content directly into an inline Python heredoc and then prints extracted customer names, permit details, job numbers, and dollar amounts to stdout without any masking, consent prompt, or output restriction. In a construction PM context, emails are likely to contain sensitive operational and personal data, so this creates a real data exposure risk through logs, terminal history, CI output, or downstream agent tooling.

VirusTotal

64/64 vendors reported this skill as clean.