Skill Publisher

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real skill-publishing tool, but users should review it because its publishing and adapter mechanisms have weaker safeguards than the documentation implies.

Install only if you are comfortable with this skill packaging and publishing the entire target skill directory to the platforms you choose. Review any added platform adapter before use, avoid running unknown adapters, and do not rely on the current sensitive-keyword scan as a secret-leak prevention control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The documentation recommends `@auth_check: echo $MYPLATFORM_TOKEN`, which directly prints a secret to stdout. In a publishing skill context, stdout is likely to be captured by wrappers, logs, CI output, or JSON-processing glue code, so this creates a real credential disclosure risk and also contradicts the file's own stated security requirement not to output credentials.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The publish flow derives an adapter filename from user-controlled platform names, sources that shell script, and then invokes dynamically constructed function names. In shell, sourcing executes the file in the current process, so any malicious or unexpected local adapter script in the script directory can run arbitrary code with the user's privileges during publish.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The documentation explicitly allows adapters to receive and store OAuth tokens but does not specify secure storage, encryption, scope minimization, rotation, or user warning requirements. In practice, vague guidance here can lead downstream implementations to persist sensitive credentials insecurely, enabling credential theft and unauthorized publishing access.

VirusTotal

VirusTotal findings are pending for this skill version.
