Council v2

Security checks across malware telemetry and agentic risk

Overview

This review skill appears legitimate, but it may send supplied files or stdin content to multiple external AI providers without enough upfront privacy disclosure.

Install only if you are comfortable with the review inputs being processed by external model providers. Do not submit secrets, regulated data, private customer data, or proprietary code unless you have approval and understand which providers receive it; prefer redacted inputs or a local/single-provider mode if available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill clearly reads local files and stdin as inputs to the review flow, but the metadata shown does not declare corresponding permissions. Undeclared file-read capability weakens security review and user understanding of what the skill can access, increasing the chance of unintended exposure of sensitive local content.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The README explicitly encourages routing review material to third-party model providers, but it does not warn users that code, plans, or architecture documents may leave their environment and be processed by external services. For a review skill that is likely to handle proprietary or security-sensitive content, this omission creates a real data exposure risk because users may unknowingly transmit confidential material.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The examples and workflow state that local files or stdin content are loaded and then sent to 3-5 external AI reviewers, but there is no prominent privacy or data-sharing warning. This creates a real risk that users will transmit proprietary code, credentials, personal data, or internal plans to multiple third-party providers without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.