ClawHub

Unzip Files with WinRAR

Security checks across malware telemetry and agentic risk

Overview

This archive-helper skill is mostly coherent, but it needs Review because it can persistently change PATH, download external installer binaries, expose archive passwords in commands, and overwrite files without clear consent safeguards.

Install only if you are comfortable with an agent running local archive commands. Ask it to use absolute paths or temporary PATH changes, avoid persistent PATH edits unless you explicitly approve them, verify any downloaded installer before use, redact passwords from displayed commands, and extract into a new folder before using overwrite flags.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs a persistent PATH modification via `setx PATH`, which changes system/user configuration beyond the immediate task and can affect future shells and unrelated processes. In an automated agent context, making persistent environment changes without explicit user approval is risky because it creates lasting side effects and may accidentally shadow other executables or break command resolution.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill allows downloading official installer/archive binaries as a fallback and implies the agent may perform that action automatically after simple detection checks. Even with official URLs, instructing an agent to fetch and potentially execute external software without explicit consent, integrity verification, and platform/package validation creates a supply-chain and arbitrary software execution risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The quick reference includes examples that pass archive passwords directly on the command line, which can expose secrets through shell history, process listings, logs, and automation telemetry. In an agent skill meant to be reused in workflows, this is more dangerous because users may copy these examples verbatim into scripts or automated systems where credential exposure persists beyond a single session.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal