super-file-manager

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local file-management skill that can move, trash, back up, and restore files, so it should be used with explicit confirmation but does not show malicious behavior.

Install only if you are comfortable giving an agent local file-management authority. Use the scan and preview commands first, require explicit confirmation before any move, trash, backup, or rollback action, avoid --no-verify for important backups, and be cautious when restoring trashed files with common filenames because rollback may match by filename rather than exact trash metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill clearly documents file read/write behavior and environment-dependent paths, but the manifest does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: reviewers or runtime controls may underestimate the skill's access and allow file-system actions without explicit consent boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The high-level description frames the skill as file management, but the documented behavior includes destructive and state-changing operations such as trashing files, batch moving, logging, rollback, and empty-directory cleanup. If these capabilities are not prominently declared up front, users and orchestrators may invoke the skill under a weaker risk model than warranted.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The docstring claims trash recovery uses metadata-aware restoration, but the implementation actually searches trash locations by filename and restores the first match. This can restore the wrong file when multiple deleted files share the same name, causing unintended overwrite-adjacent behavior, privacy exposure, or data integrity issues during rollback.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger description is broad enough to overlap with normal conversation about cleanup, organization, backup, or disk space, increasing the chance of unintended activation. In a skill that can move, trash, and restore files, accidental invocation materially raises the risk of unwanted file operations even if later confirmations are intended.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
### Script
```bash
python3 scripts/incremental_backup.py <源目录> <备份目标路径> [--full] [--exclude <glob>] [--no-verify] [--quiet] [--max-files N] [--max-depth N]
```

| Parameter | Description | Default |
Confidence
88% confidence
Finding
--no-verify

Tool Parameter Abuse

High
Category
Tool Misuse
Content
|------|------|--------|
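| `--full` | Perform a full backup | Incremental |
| `--exclude <glob>` | Exclude matching files/directories (can be given multiple times) | None |
| `--no-verify` | Skip post-backup verification | Verify |
| `--quiet` | Quiet mode | Shows progress |
| `--max-files N` | Maximum number of files to back up | 50000 |
| `--max-depth N` | Maximum scan depth | 20 |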
Confidence
88% confidence
Finding
--no-verify

VirusTotal

VirusTotal findings are pending for this skill version.
