Book Fetch

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it advertises, but it can automatically download books from shadow-library sources and upload them to a MEGA account without a clear confirmation step.

Install only if you intentionally want an agent to contact Anna's Archive/Libgen, download files to /tmp/books, and upload them into MEGA. Use --dry-run for search-only use, use --pick -1 for ambiguous titles, verify which MEGA account mega-put or rclone is authenticated to, and confirm you have the right to download and store the requested books.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 96%
Finding:
The skill explicitly performs outbound network access to Anna's Archive/libgen and cloud upload to MEGA, and it invokes command-line tooling such as rclone, yet no permissions or safety boundaries are declared. That mismatch is dangerous because an agent may execute file transfer and shell-capable actions without transparent user consent, review, or policy gating, increasing the risk of unauthorized downloads, data exfiltration, and abusive automation.

Vague Triggers

Medium
Confidence: 91%
Finding:
The trigger wording is broad enough to match ordinary requests like 'find a book' or 'download an ebook,' which can cause the skill to activate in many benign reading-related conversations. In this context, overbroad activation is especially risky because the skill's behavior is not passive search: it downloads potentially infringing material from shadow-library sources and uploads it to remote storage automatically.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The description does not clearly warn users that the skill will download files from third-party ebook piracy sources and then upload them to MEGA, creating both security and legal risk. Without an explicit warning, users may unknowingly authorize retrieval of untrusted files and transfer of content to cloud storage, which can lead to malware exposure, copyright infringement, and unintended persistence of downloaded material.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The script automatically uploads downloaded content to MEGA without an explicit confirmation step or a clear warning that data is being transferred to a third-party cloud service. In an agent skill context, silent exfiltration to external storage is more dangerous because users may think the action is only downloading a file locally, not copying it to a remote account.

VirusTotal

62/62 vendors flagged this skill as clean.
