ClawHub

Skill Install Guardian

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed pre-installation checker that runs ClawHub inspection commands and scans other skills, with no evidence of hidden installation, exfiltration, or destructive behavior.

Reasonable to install as a manual due-diligence helper, but do not treat it as a complete security guarantee. Review its findings yourself, keep the separate owner approval step before installing any skill, and prefer a trusted or pinned ClawHub CLI when running the `npx clawhub` checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation describes capabilities to read local files, invoke shell commands via Python and npx, and perform network access, but it does not declare corresponding permissions in metadata. This creates a transparency and policy-enforcement gap: a user or platform may treat the skill as lower risk than it really is, increasing the chance of unintended execution of file, shell, or network operations.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The deep-analysis routine enumerates full file paths but, for script files, fetches only the basename rather than the original path. An attacker can hide malicious code in nested files or duplicate basenames so the scanner analyzes the wrong file and incorrectly reports the skill as safe, undermining the core security function of this guardian.

Missing User Warnings

Medium
Confidence
77% confidence
Finding
The script inventories the user's local skills directory and derives installed-skill information without a just-in-time disclosure or consent prompt at the point of access. In a security-review/install workflow, local environment enumeration can expose sensitive workspace structure and installed capabilities to logs or downstream automation beyond what the user may expect.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal