EvalScope

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a coherent EvalScope helper, but it gives users commands that can expose dashboards, send private evaluation data to model APIs, and run code-benchmark sandboxes without enough safety scoping.

Install only if you understand EvalScope and will review generated commands before running them. Prefer localhost-only dashboard binding, use trusted endpoints, avoid sensitive datasets unless the provider and retention policy are acceptable, keep API keys out of copied command text where possible, and run code-generation benchmarks only in a hardened disposable sandbox.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The manifest explicitly says the skill should not trigger for deployment or serving requests, yet the documented visualization workflow starts a long-running web service and recommends binding it to 0.0.0.0. That creates a capability/behavior mismatch that can cause the agent to assist with exposing a service on the network when users did not ask for serving functionality.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The sandbox evaluation section introduces Docker-based execution for benchmark-generated code, which materially expands the skill from command translation into facilitating code execution. Even with Docker isolation, running untrusted generated code can expose the host to container breakout risks, sensitive file mounting mistakes, resource abuse, or daemon-level privilege issues if users follow the instructions without safeguards.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The eval and perf workflows instruct users to send prompts, datasets, and possibly benchmark content to local or external API endpoints, including OpenAI-compatible, Anthropic, and LiteLLM targets, without any privacy or data-handling warning. In practice, users may unknowingly transmit proprietary prompts, benchmark data, model outputs, or API keys to third-party or remote services.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The visualization workflow recommends `--host 0.0.0.0`, which exposes the dashboard on all network interfaces by default without explaining the security implications. This can unintentionally publish evaluation reports, logs, and metadata to other machines on the same network or beyond, depending on host firewalling and deployment context.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The sandbox instructions normalize Docker-based execution of benchmark-generated code but omit warnings that the executed code is effectively untrusted. In an evaluation context, this is especially risky because code-generation benchmarks are designed to produce executable artifacts, increasing the chance of filesystem access, network access, persistence attempts, or exploitation of weak container configurations.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The example shows RAG testset generation using a configured HTTP/OpenAI-compatible endpoint without warning that source documents, prompts, and generated test content may be transmitted to that endpoint. In a RAG workflow, the referenced docs can contain proprietary or sensitive data, so omission of a disclosure increases the risk of unintended data exfiltration or unsafe use against non-local services.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The evaluation example sends testset content and model answers to a critic LLM endpoint but does not warn users that these inputs may leave the local process and be processed by an external service. Because evaluation datasets often contain user queries, retrieved context, and expected answers, this can expose sensitive business or personal information if operators assume evaluation is purely local.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
This example configures a credentialed remote embedding API and includes an inline API key placeholder, but provides no warning about transmitting text inputs to a third-party endpoint or handling secrets securely. Embedding requests often contain raw corpus text or queries, so lack of disclosure can lead to privacy leakage and poor credential practices by copy-paste users.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The multimodal example sends image and prompt data to a configured model endpoint without explaining that those artifacts may be transmitted to another service. Images can contain sensitive visual data or embedded text, so absent disclosure may cause users to expose private datasets during benchmarking.

VirusTotal

63/63 vendors flagged this skill as clean.