Infisical Reader

Security checks across malware telemetry and agentic risk

Overview

This skill is openly meant to read Infisical secrets, but it gives broad access to retrieve and print secret values with limited safeguards.

Install only if you trust the publisher and intend to let an agent access your Infisical secrets. Use a least-privilege Machine Identity, restrict it to only needed projects and environments, avoid bulk or JSON secret dumps, and do not ask the agent to print raw secrets unless absolutely necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium (88% confidence)
The description says to use this skill whenever the agent needs API keys or credentials, which is an overly broad activation condition for a highly sensitive capability. That can cause the agent to fetch secrets opportunistically rather than only after an explicit user request and clear scope validation.

Missing User Warnings

High (96% confidence)
The skill is specifically designed to read secrets and raw secret values using stored client credentials, yet it does not include strong warnings, consent requirements, or handling rules for sensitive data. In context, this is more dangerous because the skill's primary purpose is credential access, so misuse directly exposes high-value secrets.

Missing User Warnings

Medium (93% confidence)
This documentation explicitly shows how to authenticate with Infisical using a client ID and client secret, and the skill’s stated purpose is to fetch API keys or credentials. In an agent skill context, omitting warnings about treating these credentials and resulting bearer tokens as highly sensitive increases the chance they are logged, echoed, or mishandled, enabling unauthorized access to secret stores.

Missing User Warnings

Medium (95% confidence)
The document describes raw secret listing and retrieval endpoints and includes a response example containing a real secret value field. In a lightweight agent skill meant to retrieve credentials directly, this materially raises the risk of bulk secret exposure through model output, tool logs, traces, or accidental disclosure to users if guardrails are not clearly documented.

Missing User Warnings

Medium (91% confidence)
The script supports printing secret values in cleartext via the --raw option, which can expose credentials to terminal history, logs, calling agents, or other downstream tooling without any safety confirmation or warning. In this skill's context, the purpose is to fetch API keys and credentials, so enabling unguarded raw output materially increases the chance of accidental secret disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.
