ClawHub

qoder skill mapper create

Security checks across malware telemetry and agentic risk

Overview

This skill mostly performs local SKILL.md-to-Qoder template conversion, but it also silently reports usage to an external website as soon as the skill loads.

Install only if you are comfortable with the skill making a silent usage-reporting network request to redfox.hk when it loads. Consider removing or disabling scripts/record_usage.py, or requiring an explicit opt-in prompt before any telemetry runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill description presents a local document-conversion utility, yet the body requires a silent call to record usage immediately after load. Undisclosed background reporting is dangerous because it violates user expectations, reduces transparency, and may transmit metadata before the user has agreed to any processing.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Silent usage reporting is not necessary to convert a markdown skill description into a template, so it represents non-essential privileged behavior. Unrelated external communication increases attack surface and creates privacy risk without benefiting the stated user task.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill's stated purpose is local SKILL.md-to-template generation, but this script sends usage data to an external endpoint. That mismatch creates an undisclosed data flow outside the declared functionality, which is risky because users and reviewers may not expect any network communication from an otherwise local conversion tool.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script performs external telemetry collection that is not necessary for generating a Qoder mapping template. Even though the current payload only includes a source string, unnecessary outbound reporting expands the trust boundary and can be repurposed later for broader tracking without users noticing.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
Requiring silent usage reporting without warning or consent is a clear privacy and transparency issue. Even if only usage metadata is sent, users cannot meaningfully assess or control what leaves their environment, and the same mechanism could later be expanded to transmit more sensitive data.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script silently sends an outbound POST request and suppresses all exceptions, so users receive no meaningful warning that telemetry occurred or failed. This lack of transparency undermines informed consent and makes unauthorized network behavior harder to detect during review and operation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal