Mongodb Connector

Security checks across malware telemetry and agentic risk

Overview

This MongoDB connector is internally consistent, but it gives agents broad database mutation, deletion, export, and unrestricted command authority that users should review carefully before enabling.

Install only for AgentPMT groups and MongoDB users that are tightly permissioned. Prefer read-only credentials unless mutation is required, avoid granting admin/delete access broadly, review every export for sensitive fields, and require human confirmation for delete, drop, bulk_write, and run_command workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The schema exposes a generic `run_command` action that accepts an arbitrary MongoDB command object, which materially expands capability beyond narrowly scoped CRUD and index operations. In a connector context this can enable dangerous administrative, integrity-impacting, or reconnaissance commands depending on backend privileges, making misuse or prompt-induced abuse more severe than the rest of the documented API.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill promotes CSV/JSON export but does not clearly warn that query results may be written to downloadable files outside the original database boundary. This can increase the risk of unintended persistence, broader sharing, or mishandling of sensitive data extracted from the database.
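One control for the export finding above is to strip sensitive fields from query results, and record what was stripped, before anything is written to a downloadable CSV or JSON file. The following is an added example in JavaScript, not code from this connector or from AgentPMT; the sensitive path list, the field-name pattern, the function names and the sample documents are constructed for illustration.

```javascript
// Added example (not the connector's code): redact sensitive fields from
// query results before they are written to a CSV or JSON export, and keep
// a tally of what was removed so the export can be reviewed. The path list,
// the name pattern and the sample documents are constructed for this example.

// Exact dot-paths to redact (assumed for the sample schema below).
const SENSITIVE_PATHS = ["ssn", "auth.token", "contact.email"];
// Field names redacted wherever they occur, at any depth.
const SENSITIVE_NAME_PATTERN = /(passw|secret|token|api_?key|ssn)/i;

// Walk a document, replacing sensitive values. Arrays keep the parent path,
// so "items.ssn" matches an ssn inside every element of "items".
function redactDocument(doc, paths, stats, prefix = "") {
  if (Array.isArray(doc)) return doc.map((v) => redactDocument(v, paths, stats, prefix));
  if (doc === null || typeof doc !== "object") return doc;
  const out = {};
  for (const [key, value] of Object.entries(doc)) {
    const path = prefix ? `${prefix}.${key}` : key;
    if (paths.has(path) || SENSITIVE_NAME_PATTERN.test(key)) {
      out[key] = "[REDACTED]";
      stats[path] = (stats[path] || 0) + 1;
    } else {
      out[key] = redactDocument(value, paths, stats, path);
    }
  }
  return out;
}

// prepareExport(docs) -> { docs: redacted copies, redacted: {path: count} }
function prepareExport(docs, sensitivePaths = SENSITIVE_PATHS) {
  const stats = {};
  const paths = new Set(sensitivePaths);
  return { docs: docs.map((d) => redactDocument(d, paths, stats)), redacted: stats };
}

// Flatten nested objects to dot-path columns for CSV output.
function flatten(doc, prefix = "", out = {}) {
  for (const [key, value] of Object.entries(doc)) {
    const path = prefix ? `${prefix}.${key}` : key;
    if (value !== null && typeof value === "object" && !Array.isArray(value)) flatten(value, path, out);
    else out[path] = Array.isArray(value) ? JSON.stringify(value) : value;
  }
  return out;
}

// toCsv(docs) -> CSV text, quoting cells that contain commas, quotes or newlines.
function toCsv(docs) {
  const rows = docs.map((d) => flatten(d));
  const columns = [...new Set(rows.flatMap((r) => Object.keys(r)))];
  const quote = (v) => {
    const s = v === undefined || v === null ? "" : String(v);
    return /[",\n]/.test(s) ? `"${s.replace(/"/g, '""')}"` : s;
  };
  return [columns.join(","), ...rows.map((r) => columns.map((c) => quote(r[c])).join(","))].join("\n");
}

// Constructed sample documents (not real data).
const SAMPLE_DOCS = [
  { _id: "u1", name: "Ada", ssn: "123-45-6789", auth: { token: "tok_abc", role: "admin" }, contact: { email: "ada@example.com", city: "Oslo" } },
  { _id: "u2", name: "Bob", password_hash: "$2b$10$abc", contact: { email: "bob@example.com", city: "Lima" } },
];

const prepared = prepareExport(SAMPLE_DOCS);
console.log(prepared.redacted); // { ssn: 1, 'auth.token': 1, 'contact.email': 2, password_hash: 1 }
console.log(toCsv(prepared.docs));
```

The redaction tally is the part a reviewer wants to see before approving the file: a count of zero for a field that is known to exist in the collection is a sign the path list is wrong for this query's projection.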

Missing User Warnings

Medium
Confidence: 84%
Finding
The schema documents destructive actions such as deleting documents and dropping collections without any warning about irreversibility, scope, or the need for explicit confirmation. In an agent-driven environment, absent safety cues and confirmation requirements increase the chance of accidental or prompt-manipulated data loss.

Missing User Warnings

Medium
Confidence: 88%
Finding
The schema advertises broad command execution through `run_command` without warning that commands may affect data integrity, availability, or expose sensitive operational metadata. This is especially risky in a remote tool callable by an agent, because generic command execution can be repurposed for unintended administrative actions if backend permissions permit it.
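The mitigation in the Overview (prefer read-only credentials, require human confirmation for delete, drop, bulk_write and run_command) and the two run_command findings describe a policy that a wrapper can enforce before a call reaches the database. The following is an added example in JavaScript, not code from this connector or from AgentPMT. Only delete, drop, bulk_write and run_command are action names taken from this report; every other action name, the diagnostic allowlist and the classifyCall function are assumptions about a connector schema the page does not show. run_command is handled with an allowlist rather than a denylist because its surface is open-ended: any command not explicitly permitted is rejected.

```javascript
// Added example (not the connector's own code): a policy gate between the
// agent and the MongoDB connector. delete, drop, bulk_write and run_command
// are the action names the report uses; every other action name, the
// command allowlist and classifyCall itself are assumptions for illustration.

// Destructive actions: never executed without an explicit human confirmation.
const CONFIRM_ACTIONS = new Set(["delete", "drop", "bulk_write"]);
// Read-only actions (assumed names): safe to run with a read-only role.
const READ_ACTIONS = new Set(["find", "aggregate", "count", "list_collections", "list_indexes"]);
// Scoped writes (assumed names): allowed only on a mutating credential.
const WRITE_ACTIONS = new Set(["insert", "update", "create_index"]);

// run_command: the command name is the first key of the command document.
// A short diagnostic allowlist may run after confirmation; anything else is
// denied because it can alter users, roles or server state.
const RUN_COMMAND_ALLOWLIST = new Set(["ping", "dbStats", "collStats", "buildInfo", "serverStatus"]);

function commandName(cmd) {
  if (cmd === null || typeof cmd !== "object" || Array.isArray(cmd)) return null;
  const keys = Object.keys(cmd);
  return keys.length ? keys[0] : null;
}

// classifyCall({action, args}, {readOnly}) -> {decision, reason}
// decision: "allow" (run), "confirm" (pause for a human), "deny" (reject).
function classifyCall(call, creds) {
  const action = call.action;
  const args = call.args || {};
  if (READ_ACTIONS.has(action)) return { decision: "allow", reason: "read-only action" };

  if (action === "run_command") {
    const name = commandName(args.command);
    if (name === null) return { decision: "deny", reason: "malformed command document" };
    if (!RUN_COMMAND_ALLOWLIST.has(name)) return { decision: "deny", reason: `${name} is not an allowlisted diagnostic command` };
    return { decision: "confirm", reason: `run_command ${name} requires human confirmation` };
  }

  // Mutations cannot succeed on a read-only credential; reject them here
  // with a clear reason instead of relying on the server's error.
  if (creds.readOnly) return { decision: "deny", reason: `${action} requires a mutating credential` };
  if (CONFIRM_ACTIONS.has(action)) return { decision: "confirm", reason: `${action} is irreversible` };
  if (WRITE_ACTIONS.has(action)) return { decision: "allow", reason: "scoped write" };
  return { decision: "deny", reason: `unknown action ${action}` };
}

// Constructed calls, not from any real session.
const readOnly = { readOnly: true };
const readWrite = { readOnly: false };
console.log(classifyCall({ action: "find", args: { filter: {} } }, readOnly).decision);                           // allow
console.log(classifyCall({ action: "drop", args: { collection: "users" } }, readWrite).decision);                 // confirm
console.log(classifyCall({ action: "drop", args: { collection: "users" } }, readOnly).decision);                  // deny
console.log(classifyCall({ action: "run_command", args: { command: { dropDatabase: 1 } } }, readWrite).decision); // deny
console.log(classifyCall({ action: "run_command", args: { command: { ping: 1 } } }, readOnly).decision);          // confirm
```

The gate defaults to deny for any action or command it does not recognise, so a schema change on the connector side fails closed until the policy is updated. It does not replace backend privileges: a read-only MongoDB role remains the control that holds if the gate is bypassed.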

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal