Consistency Checker

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches a novel consistency-checking purpose, but it includes an under-disclosed LLM helper that can send manuscript and character data to DashScope.

Review carefully before installing. Use the documented local checker for private manuscripts, and avoid scripts/check_consistency_llm.py unless you intentionally want selected chapter and character content sent to DashScope with DASHSCOPE_API_KEY. Pin dependencies and add the missing requests dependency before relying on the LLM helper.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises only a local consistency-checking function, yet the analyzer detected environment access, file read/write, and network capability with no declared permissions. In an agent setting, undeclared capabilities are dangerous because they can silently exfiltrate chapter text, character profiles, secrets from environment variables, or overwrite user files without informed consent.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
This is a clear description-behavior mismatch: the skill is presented as a novel consistency checker, but analysis indicates it may send chapter content and character data to an external DashScope API, perform broader analysis than documented, and write results to disk. Hidden external data transfer is especially risky because users may provide unpublished manuscripts or sensitive notes expecting local-only processing.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill is presented as a consistency checker, but it transmits chapter text and character data to an external LLM service. That creates a data exposure/privacy risk because potentially sensitive unpublished manuscript content is sent off-host, and users are not clearly warned that analysis is performed remotely rather than locally.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script sends chapter and character content to an external API without any explicit consent prompt, warning, or privacy notice at runtime. In the context of a novel-writing skill, this can expose unpublished intellectual property, personal notes, or confidential material to a third party unexpectedly.

Unpinned Dependencies

Low
Category
Supply Chain
Content
rich
PyYAML
Confidence
95% confidence
Finding
rich

Unpinned Dependencies

Low
Category
Supply Chain
Content
rich
PyYAML
Confidence
99% confidence
Finding
PyYAML

Known Vulnerable Dependency: PyYAML — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
99% confidence
Finding
PyYAML

VirusTotal

66/66 vendors flagged this skill as clean.