Swmm Modeling Memory

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a memory/run summarization tool, but it has under-scoped filesystem write behavior that users should review before installing.

Install only if you are comfortable letting the skill read run or memory artifacts and write summary files. Prefer running it on a copied test directory first, set output paths explicitly, avoid broad or symlink-heavy runs directories, and check whether it overwrites existing Obsidian or summary files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill describes file read and file write behavior but does not declare permissions explicitly, creating a mismatch between documented capabilities and the security boundary expected by the platform. Because this skill writes aggregate outputs, per-run summaries, and optional exports to user-supplied paths, undeclared filesystem access can lead to over-broad execution, accidental data mutation, or reduced reviewability of what the skill is allowed to touch.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding:
The script writes `memory_summary.json` back into each discovered run directory, which exceeds a read-only summarization role and mutates historical experiment artifacts in place. In a security-sensitive or audit-preservation context, this can contaminate evidence, alter directory contents unexpectedly, or write into attacker-influenced paths if `--runs-dir` includes symlinks or untrusted run folders.

Description-Behavior Mismatch

Low
Confidence: 83%
Finding:
The Obsidian export copies generated Markdown files into a caller-supplied external directory, expanding the skill from local summarization into cross-directory write behavior. While not inherently malicious, it can place data in unintended locations, overwrite user files with matching names, or facilitate exfiltration of summarized audit content to a broader workspace when the destination is not constrained.

VirusTotal

65/65 vendors flagged this skill as clean.
