README Sync

Security checks across malware telemetry and agentic risk

Overview

This skill is a local README maintenance helper: it reads project documentation and updates README-related files. That behavior is disclosed, and no network, credential, destructive, or exfiltration behavior was found.

Install this only if you want an agent to maintain README.md during coding sessions. Review pending updates before running sync, init, or auto-init; avoid putting secrets in README summaries or .readme_pending.json; and clear pending state when it should not persist in the project.
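A pre-sync review gate that implements the advice above (review pending updates before sync, keep secrets out of .readme_pending.json, clear state that should not persist), added here as an example; it is not code from the README Sync skill or from SkillSpector. It assumes the pending state is JSON in a file named .readme_pending.json whose structure is unknown, so every string anywhere in the document is scanned; the secret patterns and the sample pending data are constructed for illustration, and nothing here writes to README.md.

```python
"""Pre-sync review gate for agent-maintained README state (added example,
not the README Sync skill's or SkillSpector's code). Assumed: pending state
is JSON in .readme_pending.json with an unknown schema; patterns and samples
below are constructed."""
import json
import re
import tempfile
from pathlib import Path
from typing import Callable, Iterator

PENDING_FILE = ".readme_pending.json"  # file name taken from the page's advice

# Constructed, deliberately narrow secret shapes; extend for your environment.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "credential_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password|passwd)\b\s*[:=]\s*\S{8,}"),
}


def walk_strings(node, path: str = "$") -> Iterator[tuple[str, str]]:
    """Yield (json_path, text) for every string in an arbitrary JSON tree."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{index}]")


def find_secrets(doc) -> list[dict]:
    """One record per matching (string, pattern); the sample is truncated so
    the report itself never reproduces a full secret."""
    hits = []
    for path, text in walk_strings(doc):
        for kind, pattern in SECRET_PATTERNS.items():
            match = pattern.search(text)
            if match:
                hits.append({"path": path, "kind": kind,
                             "sample": match.group(0)[:8] + "..."})
    return hits


def review_pending(pending_text: str) -> dict:
    """Parse pending state and summarise what a sync would consume."""
    doc = json.loads(pending_text)
    return {"strings": sum(1 for _ in walk_strings(doc)),
            "secrets": find_secrets(doc)}


def gate_sync(pending_text: str, confirm: Callable[[dict], bool]) -> bool:
    """Allow a sync only if nothing secret-like is pending AND confirm()
    (a human prompt in practice) returns True."""
    report = review_pending(pending_text)
    if report["secrets"]:
        return False  # never let the confirmation step see secrets
    return bool(confirm(report))


def clear_pending(project_dir: Path) -> bool:
    """Remove persisted pending state; True only if a file was removed."""
    target = project_dir / PENDING_FILE
    if target.is_file():
        target.unlink()
        return True
    return False


def is_gitignored(gitignore_text: str) -> bool:
    """True if .gitignore lists the pending file explicitly."""
    wanted = {PENDING_FILE, "/" + PENDING_FILE}
    lines = (ln.strip() for ln in gitignore_text.splitlines())
    return any(ln in wanted for ln in lines if ln and not ln.startswith("#"))


# Constructed sample pending state (shape assumed, not the skill's real schema).
SAMPLE_PENDING = json.dumps({"updates": [
    {"file": "README.md", "section": "Install", "summary": "Run `make install`."},
    {"file": "README.md", "section": "Config",
     "summary": "Set AWS_KEY=AKIAIOSFODNN7EXAMPLE in .env"},
]})
CLEAN_PENDING = json.dumps({"updates": [
    {"file": "README.md", "section": "Install", "summary": "Run `make install`."},
]})


def demo() -> dict:
    """End-to-end run in a throwaway directory; returns the decisions made."""
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp)
        (project / PENDING_FILE).write_text(CLEAN_PENDING)
        approved = gate_sync((project / PENDING_FILE).read_text(), lambda r: True)
        return {"approved": approved, "cleared": clear_pending(project),
                "cleared_again": clear_pending(project),
                "blocked": gate_sync(SAMPLE_PENDING, lambda r: True)}


if __name__ == "__main__":
    print(json.dumps(review_pending(SAMPLE_PENDING), indent=2))
    print(demo())
```

Run it in the project root before invoking sync, init, or auto-init; a non-empty `secrets` list means the pending state should be edited or cleared rather than synced, and `is_gitignored` is the quick check that the state file cannot be committed by accident.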

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill clearly instructs the agent to read and write project files, but no explicit permissions are declared. That creates a capability/consent gap: hosts or users may assume the skill is informational while it can actually modify README.md and maintain auxiliary state, increasing the chance of unintended file access or writes.

Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The declared behavior says writes require confirmation, but the documented operations include auto-init/init/sync and maintenance of a separate pending state file, with behavior that can create or overwrite files after broad triggers. This mismatch is dangerous because an invoking agent or user may consent to lightweight README reading while the skill scans the repo, persists hidden state, or writes documentation without sufficiently explicit approval.

Vague Triggers
Severity: Medium
Confidence: 81%
Finding: The trigger scope covers very common situations such as any project-related question or any code query/modification, which makes accidental invocation likely. In context, that means the skill may routinely read README content, scan structure, or prepare pending updates even when the user did not intend to invoke documentation-sync behavior.

Vague Triggers
Severity: Medium
Confidence: 80%
Finding: The workflow's activation conditions are ambiguous and expansive, including any need to understand project background. Such broad criteria can cause the skill to run during many normal development interactions, leading to unnecessary repository reads and increasing the chance that later write-capable steps are surfaced or used without strong user intent.

VirusTotal

67/67 vendors reported this skill as clean.
