Q Kdb Code Review

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised remote Q/kdb+ code review, but it automatically forwards any configured AI provider API keys and reviewed code to Astrai, which is sensitive enough to require careful review before use.

Install only if you are comfortable sending selected Q/kdb+ code to Astrai and any downstream model providers. Before using it, unset provider keys you do not intentionally want routed through Astrai, consider using limited-scope or separate API keys, monitor provider billing, and avoid submitting confidential trading logic or embedded secrets unless your organization approves that data flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill declares environment and network capabilities in metadata but does not expose an explicit permissions section, which can mislead users and security tooling about what the skill is allowed to access. In this context, the skill reads API keys from the environment and sends reviewed source code to a remote inference endpoint, so the undeclared capability surface reduces transparency and informed consent.

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding: The documented purpose frames the skill as a local code-review helper, but the file also states that code is transmitted to an external Astrai service and that provider API keys may be used for routing. That mismatch is security-relevant because users may submit sensitive trading or proprietary Q code without realizing it leaves the local environment, increasing confidentiality and compliance risk.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding: The plugin harvests multiple provider API keys from environment variables even though the skill's primary purpose is Q/kdb+ code review. Collecting unrelated secrets broadens access far beyond what is necessary and creates a secret-handling/exfiltration channel to a third-party service if those keys are later forwarded.

Context-Inappropriate Capability

Severity: Critical
Confidence: 100%
Finding: The plugin sends collected provider API keys to Astrai in HTTP headers, disclosing secrets to an external service. This creates immediate credential exposure risk: Astrai or any intermediary/logging layer with header access could use those keys to access the user's third-party AI accounts, incur charges, or retrieve sensitive data.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The code silently collects provider secrets and prepares them for remote transmission without an explicit user-facing warning in the API surface. Even if described vaguely as BYOK in the module docstring, that is not sufficient notice for sensitive secret-forwarding behavior, especially in an agent skill context where users may assume keys remain local.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The plugin transmits reviewed Q/kdb+ source code and optional context to a remote API, which can expose proprietary trading logic, credentials embedded in code, or market-sensitive implementation details. In the skill context this is particularly sensitive because Q/kdb+ is commonly used in finance, where source often contains confidential strategies and infrastructure details.

VirusTotal

65/65 vendors flagged this skill as clean.