Back to skill

Security audit

Zyla API Hub Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Zyla API connector, but it needs Review because it gives the agent broad paid API-call authority and handles the API key in chat-visible/plaintext ways.

Install only if you are comfortable letting the agent make Zyla API calls that may cost money and may send request data to Zyla or downstream API providers. Use a dedicated/restricted key, monitor usage and billing, avoid sensitive inputs unless needed, do not expose the raw key in chat/logs/screenshots, and require explicit approval for paid or mutating API calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to use environment/configured secrets and make outbound network calls to third-party APIs, but its metadata declares no required permissions. This creates a transparency and governance gap: users and enforcement systems may not realize the skill can access an API key and transmit user-supplied data externally.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README explicitly states that the browser-based flow captures the user's API key automatically and saves it to local configuration, but it does not explain where the credential is stored, whether it is encrypted, or what security properties protect it. Secrets handling is security-sensitive documentation, and omitting storage warnings or guidance can lead users to place a reusable production API key into plaintext config files or other weakly protected locations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill is explicitly designed to send user inputs such as email addresses, zip codes, and other query parameters to external APIs, yet it does not warn users about third-party data transmission or advise against sending sensitive data. In a broad API aggregation skill, this increases privacy risk because users may unknowingly submit personal, confidential, or regulated data to external services.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The connect flow returns the bearer token directly in the chat output and instructs the user to paste it into configuration, which exposes the credential to chat logs, UI history, screenshots, and any other component that can read assistant responses. Because this token authorizes arbitrary API calls through the plugin, disclosure can lead to account abuse, quota exhaustion, and access to paid third-party APIs.

Session Persistence

Medium
Category
Rogue Agent
Content
const token = await tokenPromise;
    close();

    // Write to OpenClaw config
    writeApiKey(token);

    return {
Confidence
91% confidence
Finding
Write to OpenClaw config writeApiKey(token); return { text: [ "**Connected to Zyla API Hub!**", "", "Your pay-as-you-go plan is active. Add this to your `~/.open

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.