ClawHub

Expanso secrets-scan

Security checks across malware telemetry and agentic risk

Overview

This skill performs secret scanning, but it can send sensitive scanned content to OpenAI and expose an unauthenticated network scan endpoint.

Review before installing. Use this only if your organization allows sending scanned text, source code, and possible secrets to OpenAI. Avoid running it on private repositories, production logs, or real credentials unless that data flow is approved. If using MCP mode, bind it to localhost or firewall it, and avoid storing or printing full secret matches in logs or CI output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The pipeline interpolates the entire stdin content into the user prompt and sends it to the external `openai_chat_completion` processor. Because this skill is specifically designed to scan for secrets, users may feed it highly sensitive files, making third-party disclosure of credentials, private keys, or proprietary source code particularly dangerous without an explicit warning, consent gate, or data-minimization step.

Vague Triggers

Medium
Confidence
89% confidence
Finding
This pipeline exposes a POST /scan endpoint on 0.0.0.0 without any visible authentication, network restriction, rate limiting, or request-scope controls. That makes the service reachable by any party with network access and could enable abuse such as unauthorized scanning, prompt-token cost exhaustion, or submission of sensitive content to the upstream LLM service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The manifest explicitly defines a remote OpenAI backend for scanning user-supplied text, but it does not disclose that submitted content may be sent to an external service. Because the input is specifically text/code that may contain secrets, users could unknowingly transmit sensitive credentials, proprietary source code, or regulated data off-host, creating confidentiality and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal