Swmm End To End

Security checks across malware telemetry and agentic risk

Overview

This SWMM workflow skill is a coherent modelling orchestrator, but it can run local project tooling and write audit notes outside the run folder unless disabled.

Install and run this only from the intended Agentic SWMM repository. Review dependency installation before running the MCP setup, and use --no-obsidian if audit notes should stay only inside runs/<case>. Treat raw MCP responses and audit notes as potentially containing project paths, model metadata, and other sensitive case details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The skill directs audit-note export to a local Obsidian vault in the user's home directory by default, which extends data flow outside the run directory without strong justification. This can copy project data and metadata into an unrelated personal knowledge store, creating confidentiality and data-minimization risks.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
Mandating default export to a fixed Obsidian vault path causes automatic local file writes outside the scoped run artifacts and may duplicate sensitive audit material into a personal directory. The fixed home-directory destination also bypasses least-privilege expectations for a SWMM orchestration skill.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill normalizes copying audit notes into a local vault without prominently warning the user that data will be written into a home-directory knowledge base. In agent settings, silent or nonobvious persistence is dangerous because users may not realize outputs are being duplicated beyond the requested workspace.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
Default-on Obsidian export without a prominent warning creates an unexpected persistence channel to the user's home directory. This is especially risky because audit outputs may contain run metadata, paths, and evidence that users expected to remain only under runs/<case>/.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The script writes the raw MCP tool response directly to a caller-specified file without redaction, classification, or any warning that the response may contain secrets, filesystem contents, credentials, or other sensitive model/tool output. In an agentic orchestration context, this is more dangerous because MCP tools may aggregate data from multiple sources, increasing the chance of persistent sensitive-data capture and later unintended disclosure.

VirusTotal

60/60 vendors flagged this skill as clean.