ClawHub
Back to skill

Security audit

DokuTipp

Security checks across malware telemetry and agentic risk

Overview

DokuTipp is a disclosed documentary recommendation skill that downloads a public media list, uses a local preference profile, and has no evidence of hidden or destructive behavior.

Install only if you are comfortable storing viewing preferences in PROFILE.md, downloading the public MediathekView list, and sending the final recommendations through your configured OpenClaw output channel. Do not put secrets or highly sensitive personal details in the profile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to execute a shell-capable command (`python3 scripts/start_curation.py`) while declaring no corresponding permissions. This creates a trust and review gap: operators may approve or install the skill believing it is non-executing, even though it can run local code and trigger network activity indirectly through the script.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented behavior materially differs from the skill's apparent operational behavior: it claims profile-based documentary recommendations and configured-channel delivery, but the implementation reportedly fetches external data, caches locally, ignores profile matching, and emits to stdout instead. This is dangerous because users and reviewers can be misled about data flows, retention, and where outputs are sent, undermining informed consent and security review.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.