APM Message Push API

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only API skill, but it exposes static signing salts for authenticated non-public endpoints and includes write actions without clear user-confirmation guidance.

Install only if you trust the APM service owner and need this specific API access. Use a least-privilege APM_USER_TOKEN, avoid logging or sharing it, require manual approval before any POST/read-status/upload call, and treat the published signing salts as potentially compromised service secrets that should be removed or rotated by the publisher.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The documentation explicitly discloses a hardcoded signing salt ('aedrttyl$ssk2') for a user-facing write endpoint. Exposing signing material in public or broadly accessible docs can enable request forgery, signature bypass, or abuse of authenticated API operations, especially because this endpoint changes message read state and the secret is unrelated to normal consumer usage.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents authenticated endpoints that perform state-changing operations such as marking messages as read and uploading custom information, but it does not warn the user that invoking them will modify remote data. In an agent setting, this can lead to unintended side effects, silent account changes, or accidental data submission when a user expects only read-only retrieval.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill requires a sensitive access token through an environment variable and instructs users to place it into an authorization header, but it provides no guidance on secure storage, least-privilege use, redaction, or log handling. In agent workflows this increases the chance of credential leakage through prompts, debugging output, shared environments, or accidental disclosure to downstream tools.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
The documentation exposes a secret-like signing salt (`asdjl$ssk2`) directly in the metadata and description. Even if intended for internal use, embedding signing material in a skill file can enable request forgery, signature bypass attempts, or broader compromise of any system that relies on that salt remaining confidential.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
The documentation exposes a hard-coded secret-like signing salt ('sadasaa4r') in frontmatter and prose. If this value is actually used in request signing or integrity checks, an attacker could reproduce valid signatures, tamper with requests, or automate unauthorized API access; the non-public auth-protected API context makes such disclosure more dangerous because it may weaken a compensating control around a restricted service.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation exposes a value explicitly labeled as a 'sign salt' in both the frontmatter and body. Even if this is only one component of a signing scheme, publishing signing material in skill docs can enable request forgery, weaken integrity checks, and leak sensitive implementation details to unauthorized readers or downstream tooling.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents a write-capable upload endpoint for app custom information but provides no warning about what data is transmitted, what side effects occur, or what authorization/user-consent expectations apply. In an agent setting, this can lead to silent exfiltration or modification of user-associated data, especially because the endpoint is non-public and requires authenticated access, increasing the sensitivity of misuse.

Ssd 3

High
Confidence
99% confidence
Finding
The skill documentation exposes a signing salt directly in metadata and prose, which leaks sensitive material that may be used to generate or validate request signatures. Because this is an internal, non-public write-capable API, embedded credential-related secrets materially increase the risk of unauthorized request forgery, abuse of authenticated workflows, and lateral exposure if the same salt is reused elsewhere.

Ssd 3

Medium
Confidence
98% confidence
Finding
The embedded 'sign salt' appears to be secret-like authentication material and is disclosed in readable documentation text. In the context of an API skill for authenticated push-message operations, this materially increases risk because an attacker who obtains the docs may be able to reproduce or assist signature generation and tamper with protected requests.

VirusTotal

No VirusTotal findings
