ClawHub

Zero2ai Security Audit

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent local secret scanner, but it asks users to scan broad paths and report exposed secrets to a named third party, which needs review before installation.

Review before installing. Use it only on repositories or directories you intentionally want scanned, avoid copying real secret values into chat or logs, replace the hardcoded /home/aladdin path with the actual installed skill path, and remove or rewrite the instruction to report exposed secrets to Aladdin unless that is your authorized incident contact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation instructs use of a Python script and references capabilities consistent with shell execution, file access, and environment interaction, but the skill declares no permissions. That mismatch can cause the skill to operate with undeclared capabilities, reducing review transparency and increasing the chance of unsafe or surprising behavior when invoked automatically before commit, push, or publish actions.

Natural-Language Policy Violations

Low
Confidence
95% confidence
Finding
The documentation hard-codes a user-specific absolute path under /home/aladdin, which leaks local environment details and makes the skill less portable. Exposing workstation-specific paths can aid reconnaissance and may encourage users to copy unsafe, environment-bound configurations into other contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal