Create MCP Server

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent MCPHero setup guide, with normal but sensitive token, deployment, and deletion steps that users should handle carefully.

Before installing, verify the mcpheroctl package source, use scoped and revocable tokens, avoid pasting real secrets into shared chats or logs, protect any client config containing Authorization headers, review generated tools and env vars before deployment, and confirm the exact server before using irreversible delete commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs users to create and pass an organization API token and later handle bearer tokens, but it does not explicitly warn that these are sensitive credentials that must not be logged, pasted into chats, committed to files, or exposed in client configs without care. In an agent-driven workflow, omission of credential-handling guidance increases the risk of accidental secret disclosure through terminal history, stdout/stderr capture, or config sharing.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill documents `server delete SERVER_ID --yes` with only a terse inline note that deletion is irreversible, but does not require or recommend explicit confirmation, backup/export, or verification of the target server. In an automation-oriented skill, this can lead to accidental destructive actions against production resources with no recovery path.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The eval embeds a bearer token directly in natural-language example content and expects the model to reproduce it in output. Even if the token is illustrative, normalizing secret-in-prompt handling encourages insecure copying of credentials into configs, logs, screenshots, and test artifacts, and could become dangerous if real tokens are later substituted.

Ssd 3

Medium
Confidence: 97%
Finding
This evaluation explicitly instructs the model to echo a provided bearer token into configuration output, which is a secret-handling anti-pattern. It trains and validates behavior that reproduces sensitive credentials verbatim, increasing the risk of disclosure through generated files, telemetry, chat history, or copied documentation.

VirusTotal

66/66 vendors flagged this skill as clean.