ClawHub

moegirlpedia-mediawiki-api

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed authenticated Moegirlpedia reader, but users should install it with a tightly limited bot password because the bundled client contains unused write-capable helpers.

Use a dedicated Moegirlpedia bot password, not your main password. Grant only the documented read and watchlist-view permissions, restrict IPs and editable pages where possible, and avoid edit, rollback, options, or watchlist-modification rights unless a future version explicitly documents and gates those actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The bundled API client exposes authenticated state-changing capabilities such as edit/newSection, rollback, watch/unwatch, and saveOptions, while the skill metadata describes a read/query-oriented MediaWiki access skill. This creates a privilege mismatch: any caller that can invoke this skill with bot credentials can potentially perform unintended writes on the wiki, increasing the risk of account abuse or destructive changes if the skill is routed more broadly than expected.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code includes saveOption/saveOptions support that can modify authenticated user preferences, which is outside the stated purpose of fetching and summarizing Moegirlpedia data. Even if not currently wired to a CLI command, leaving this reachable capability in the distributed skill expands the blast radius of the embedded authenticated client and can alter account behavior or notification settings unexpectedly.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal