Huckleberry

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it needs Huckleberry login credentials and can read or update sensitive baby-tracking records.

Install only if you are comfortable giving this skill Huckleberry account credentials and allowing it to read and update baby activity, growth, and history records. Prefer protected environment variables or a tightly permissioned credentials file, and do not commit the password file. Consider reviewing or pinning the GitHub dependency, and verify important entries in the Huckleberry app.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation instructs users to provide credentials via environment variables or a local credentials file, but the metadata declares no permissions. This creates a transparency and trust problem: the skill clearly needs access to sensitive secrets, yet that access is not explicitly declared, making it easier for users or hosting platforms to underestimate the data exposure risk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The stated description frames the skill as simple baby activity logging, but the file also documents listing children, retrieving history and growth data, and directly updating Firestore records through reverse-engineered internals. That mismatch is security-relevant because it obscures the real scope of data access and modification, increasing the chance of over-trusting a tool that can read broader family data and write directly to a backend outside the expected supported API surface.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
This helper bypasses the public Huckleberry API and directly accesses the Firestore backend via an internal client method. Direct datastore access expands the skill's effective privileges, can break assumptions enforced by the API layer, and may modify records in ways the vendor did not intend or validate.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The sleep logging path writes records straight into Firestore instead of going through the declared application API. That bypass can circumvent server-side validation, schema checks, audit controls, and future compatibility guarantees, creating integrity and privacy risk for sensitive child health data.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The setup section tells users to place account email/password in environment variables or a plaintext JSON file and later notes that the skill writes directly to Firestore documents. Without a prominent warning about credential sensitivity, unsupported backend access, and possible account/data integrity consequences, users may expose login secrets or unknowingly permit risky direct backend writes to personal child-health data.

VirusTotal

66/66 vendors flagged this skill as clean.
