Xpoz Setup

Security checks across malware telemetry and agentic risk

Overview

This setup skill is mostly coherent, but its headless OAuth helper can run unintended local code if given a crafted authorization code.

Install only if you intend to connect an Xpoz account to OpenClaw for social-media search. Prefer the normal browser login flow, and avoid the remote/headless authorization-code helper until it is fixed to pass the code safely as data and to clean temporary OAuth state on all failure paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Low
Confidence: 92%
Finding
The script promises that OAuth state files are cleaned up after exchange, but cleanup occurs only after the embedded Python completes successfully. Because the shell is running with 'set -e', any token exchange or mcporter configuration failure exits before 'rm -f "$STATE_FILE"' runs, leaving the PKCE verifier, client_id, and state on disk longer than intended.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill automatically routes the user into a third-party OAuth flow and asks them to sign in with Google, but the description does not prominently disclose that external authentication will occur and that the resulting account linkage grants access to social-media intelligence functions. This can mislead users about who they are authenticating with and what data or permissions are being granted.

VirusTotal

66/66 vendors flagged this skill as clean.
