
Security audit

Fantasynbaleague

Security checks across malware telemetry and agentic risk

Overview

This Fantasy NBA data skill is purpose-aligned, but it stores the supplied service API key in a local .env file and contains minor leftover labels from another template.

Install only if you are comfortable giving this skill an XBY API key for xiaobenyang.com. Treat the generated .env file as sensitive, avoid committing it, and remove XBY_APIKEY from .env if you no longer use the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 87%
Finding
This module implements API credential persistence and retrieval logic even though the skill is described as a Fantasy NBA data service. That mismatch increases concern because the code stores secrets locally and mutates process environment state without clear necessity, expanding the attack surface for secret exposure or misuse.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The function writes API keys directly into a .env file in the working directory, creating durable local secret storage. If the directory is shared, backed up, logged, or later committed to source control, the credential can be exposed and reused by unauthorized parties.

Intent-Code Divergence

Low
Confidence: 78%
Finding
The docstring identifies this as a different skill, which is a provenance and trust issue rather than a direct exploit primitive. In security review, identity mismatches matter because they suggest code reuse from unrelated projects, making hidden functionality and undocumented data handling more likely.

Missing User Warnings

Medium
Confidence: 95%
Finding
The code persists a supplied API key to .env without any user-facing disclosure, consent, or warning. Silent secret persistence is dangerous because users may assume the key is transient while the application leaves a long-lived credential on disk.

VirusTotal

64/64 vendors flagged this skill as clean.
