Glama Registry

Security checks across malware telemetry and agentic risk

Overview

This skill is a small MCP registry search wrapper that uses a user-provided XiaoBenYang API key and does not show destructive, hidden, or exfiltrating behavior.

Before installing, be comfortable giving a XiaoBenYang API key to this skill and having it saved in a local .env file. Avoid committing that .env file, rotate the key if it is exposed, and consider pinning dependencies if you need reproducible or tightly controlled installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The workflow examples reference unrelated gaokao/school search functions inside a skill claimed to search MCP registry entries. Such copy-paste inconsistency increases the chance of misrouting user input to unintended tools or APIs, causing accidental data disclosure, wrong external requests, or execution of broader functionality than the user expected.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The module implements persistent API key storage to a local .env file even though the stated skill purpose is only MCP registry search. This expands the trust boundary and creates unnecessary secret-at-rest handling, which increases the chance of credential leakage via local file disclosure, repository inclusion, backups, or other components reading the same file.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The code has the ability to write credentials locally, which is not proportionate to a simple search utility. Even without exfiltration logic, unnecessary secret-writing capability materially increases exposure because the key becomes available to any local process, tooling, or accidental file-sharing path that can access the working directory.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Persisting an API key to .env without a user-facing warning or clear disclosure is unsafe because users may reasonably expect a transient configuration change, not secret storage on disk. This can lead to unintentional long-term retention of sensitive credentials and later leakage through source control, archives, logs, or support bundles.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Confidence
97% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Confidence
96% confidence
Finding
pydantic>=2.7.0

Unpinned Dependencies

Low
Category
Supply Chain
Confidence
95% confidence
Finding
pydantic-settings>=2.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Confidence
95% confidence
Finding
python-dotenv>=1.0.1

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
92% confidence
Finding
requests

Known Vulnerable Dependency: pydantic — 3 advisories: CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
89% confidence
Finding
pydantic

Known Vulnerable Dependency: pydantic-settings — 1 advisory: GHSA-4xgf-cpjx-pc3j (pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_)

Low
Category
Supply Chain
Confidence
80% confidence
Finding
pydantic-settings

Known Vulnerable Dependency: python-dotenv — 1 advisory: CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
60% confidence
Finding
python-dotenv

VirusTotal

64/64 vendors flagged this skill as clean.