Alchemyst MCP Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Alchemyst MCP integration for external persistent context storage. It ships no local executable code, but users should treat anything stored through it as persistent third-party data.

Install this only if you intend to use Alchemyst as an external memory provider. Protect the API key, avoid storing secrets or regulated/private documents unless your policies allow it, and confirm Alchemyst retention and deletion behavior before saving important context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 94%
Finding:
The trigger text is very broad ('store, retrieve, search, or view persistent context' and any task involving reading or writing to Alchemyst), which can cause the skill to activate in many loosely related situations. Because the skill connects to an external persistence service, over-invocation increases the chance of unnecessary data disclosure, accidental persistence of sensitive information, and user actions being routed to an external system without sufficiently explicit intent.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill describes authentication and remote SSE connectivity but does not prominently warn that document contents, conversations, user_id, organization_id, metadata, and retrieved stored data are sent to and from a third-party external service. In a persistence skill, that omission is security-relevant because users or calling agents may treat the action like local memory rather than external transmission, leading to uninformed sharing of sensitive data.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The search/view tool descriptions are generic enough that an agent could invoke them without clear user intent boundaries, especially for persistent-memory operations. In a skill whose purpose is storing and retrieving cross-session context from a remote service, ambiguous invocation guidance increases the chance of over-collection or unintended disclosure of previously stored data.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The add-context tool can send user identifiers and arbitrary document content to an external context processor, but its description does not clearly restrict when ingestion is appropriate. That ambiguity is dangerous because an agent may persist sensitive conversations, credentials, or proprietary files simply because they appear relevant, creating durable external exposure.

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
The manifest declares transport to a remote HTTPS endpoint and the tools process user IDs, organization IDs, and document/context data, yet there is no user-facing disclosure that data leaves the local environment. This creates a material privacy and compliance risk because users may reasonably assume memory actions are local or first-party when they actually transmit data to an external service.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The ingestion interface accepts arbitrary documents, user identifiers, organization identifiers, and metadata for remote processing, but provides no warning about external storage, retention, or sensitivity handling. In the context of a persistent memory skill, this is especially dangerous because the data may remain searchable across sessions, amplifying accidental leakage and compliance exposure.

VirusTotal

64/64 vendors flagged this skill as clean.