File Indexer Publish

Security checks across malware telemetry and agentic risk

Overview

This is a local file search tool, but it can automatically and persistently index broad workspace content, so users should review its scope before installing.

Install only if you are comfortable with a persistent local database of file paths and short content snippets from broad workspace locations. Before enabling it, narrow the watched directories, exclude secrets and private projects, confirm where file_index.db is stored, and avoid relying on broad auto-triggers until the scope is tightened.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill exposes filesystem read and shell-capable behavior but does not declare permissions or constraints. That creates a transparency and policy-enforcement gap: an agent or user may invoke it expecting a passive search tool, while it can access local files and execute command-driven workflows.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose is file indexing/search, but the behavior includes continuous monitoring of hardcoded local directories, ingestion of external hook data from stdin, and parsing shell command content to infer deletions. This materially expands the trust boundary beyond ordinary search and can capture sensitive project activity or react to untrusted event input without clear disclosure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README advertises automatic indexing, deletion tracking, and real-time monitoring, but does not clearly disclose the privacy and data-collection implications of continuously observing user/project directories. In a file-indexing skill, this omission matters because the tool is explicitly designed to watch broad workspace paths and persist metadata to a database, which can surprise users and expose sensitive filenames, paths, and change history.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README states that the indexer is already configured to run automatically when the agent creates or modifies files, but it does not warn that background behavior is enabled by default. Silent or undocumented background monitoring is risky because users may not realize their activity is being tracked continuously, especially in directories containing confidential code, configs, or filenames.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The auto-invocation phrases are broad enough to match common requests like 'search' or 'find files', increasing the chance the skill runs in contexts where users did not intend background indexing or monitoring. Over-broad triggers can lead to unnecessary access to workspace contents and surprise execution of file-scanning logic.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list contains very broad terms such as "查找", "搜索", "file", "find", and "有没有", which are likely to appear in ordinary conversation and unrelated requests. This can cause the skill to activate unintentionally, intercepting prompts meant for other skills and expanding the attack surface for prompt routing or data exposure issues.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```
python3 __main__.py scan /dir/path

# mark as deleted
python3 __main__.py delete /path/to/file
```

## Configuration
Confidence
76% confidence
Finding
delete /path/to/file

VirusTotal

64/64 vendors flagged this skill as clean.
