Pengbo Space

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Pengbo Space API helper that can place paid social-media growth orders only after explicit confirmation, while keeping local cache/log files and optional maintenance scripts.

Install only if you intend to automate Pengbo Space SMM activity. Protect the API key, review service ID, target link, quantity, and cost before approving add or refill actions, and periodically inspect or clear local data logs. Treat release/SBOM/update helper scripts as developer maintenance tools and run them only when you understand their package-install or signed-download behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3 (Medium)
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill advertises significant capabilities—environment access, local file read/write, network access, and shell execution—but declares no permissions. This weakens review and runtime governance because users and platforms cannot accurately assess or constrain what the skill may do, especially given it can place orders, write audit logs, run shell-based security/update scripts, and access secrets such as API keys.

Tp4 (High)
Category: MCP Tool Poisoning
Confidence: 89%
Finding
The documented purpose understates the actual behavior: the skill also persists local state, caches service data, writes audit logs, exposes setup/health/onboarding flows, supports order-history listing, and includes supply-chain/update tooling. This mismatch is dangerous because reviewers and users may authorize the skill for limited API use while it also performs broader local persistence and shell-oriented operations, increasing privacy, operational, and supply-chain risk without clear disclosure.

VirusTotal

58/58 vendors flagged this skill as clean.
