Yuque

Security checks across malware telemetry and agentic risk

Overview

This skill is a Yuque API helper that can read and change Yuque documents with your token, and its behavior is broadly consistent with that purpose.

Install only if you want an agent to access Yuque using your API token. Use the narrowest token available, review create or update requests before they run, and be aware that the bundled client contains a deletion method even though the CLI does not expose it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill uses sensitive capabilities (environment variable access for `YUQUE_TOKEN` and outbound network calls) but does not declare permissions or safety boundaries. This reduces transparency and informed consent, making it easier for an agent to access credentials and contact remote services without explicit user awareness.

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The documented behavior omits security-relevant operations noted by the analyzer, especially retrieval of current user information and potential destructive document operations. Behavior that exceeds or differs from the declared purpose can mislead users and orchestrators about what data is accessed or modified.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The code implements a document deletion method even though the declared skill description does not mention deletion. Hidden destructive capability is dangerous because an agent or caller may invoke behavior users did not consent to, increasing the risk of unauthorized or accidental data loss.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill includes direct examples for creating and updating remote Yuque documents but provides no warning that these operations modify user-controlled remote data. In an agent setting, missing confirmation and change-safety guidance can lead to unintended overwrites, tampering, or operational mistakes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The authentication section instructs use of a bearer-like API token from an environment variable without any guidance on secure handling, least privilege, or avoiding token leakage. Because the token is sent on every request, poor handling could expose access to all repositories available to that credential.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The deletion capability has no user confirmation, warning, or other friction before performing an irreversible action. In an agent setting, this makes accidental or prompt-induced destructive operations more likely, especially when acting on behalf of a user with a valid API token.

VirusTotal

66/66 vendors flagged this skill as clean.
