Zyla API Hub Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real Zyla API connector, but it needs review because it gives the agent broad billable API-call authority and exposes API-key handling more than necessary.

Install only if you are comfortable letting the agent make Zyla API calls that may cost money and may send your request data to Zyla or downstream API providers. Use a dedicated key, monitor billing and usage, avoid sensitive inputs unless needed, do not share or log the raw key, and require explicit approval for paid or mutating API calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to use environment-backed credentials and make external network calls, but the metadata declares no required permissions. This creates a transparency and governance gap: users and platforms may not realize the skill can access secrets and transmit data to third-party APIs, increasing the chance of unintended data exposure or unsafe execution.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README states that the browser flow will automatically capture and save the user's API key, but it does not explain where the credential is stored, how it is protected, or what permissions govern access to it. In a skill that connects third-party paid APIs, silent credential persistence increases the risk of accidental exposure through local files, backups, logs, or shared environments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to place a live API key directly into a local JSON config file and even duplicate it in an environment section, but provides no warning about file permissions, source-control leakage, or secret handling. Because this skill is specifically designed to broker access to many external APIs under a unified billing key, disclosure of that credential could enable unauthorized usage, billing abuse, and data access through connected services.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill promotes APIs such as email validation, geolocation, finance, weather, and translation, all of which may involve sending user-provided personal or sensitive data to Zyla or downstream providers. The description and usage guidance do not warn users that their inputs may be shared externally, which can lead to privacy violations or unexpected disclosure of personal data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
After receiving the token from the localhost callback, the plugin stores it in process.env and then prints a ready-to-paste config snippet containing the raw API key. This increases the chance of accidental credential disclosure through terminal logs, chat transcripts, screenshots, shell history, or other plugins/processes that can read environment variables.

Session Persistence

Medium
Category
Rogue Agent
Content
const token = await tokenPromise;
    close();

    // Write to OpenClaw config
    writeApiKey(token);

    return {
Confidence
87% confidence
Finding
Write to OpenClaw config writeApiKey(token); return { text: [ "**Connected to Zyla API Hub!**", "", "Your pay-as-you-go plan is active. Add this to your `~/.open

VirusTotal

66/66 vendors flagged this skill as clean.
