ClawHub

Chanjing Credentials Guard

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chanjing credential helper, but it needs Review because it handles live secrets and has under-scoped token and environment controls.

Install only if you trust this helper with Chanjing AK/SK and access tokens. Keep CHANJING_OPENAPI_BASE_URL and CHANJING_API_BASE unset unless you intentionally use a verified Chanjing HTTPS endpoint, do not paste printed tokens or keys into chat, and protect or rotate the credentials if they appear in shell history, logs, or shared backups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions even though its documented behavior includes reading and writing credential files, accessing environment variables, invoking shell commands, and making network requests for token retrieval. This is dangerous because consumers and policy engines may trust the manifest and approve execution without understanding that the skill can handle secrets and contact remote services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The description says the skill safely guides users via local commands only, but the documented flow also opens a browser, calls a remote token API, and persists refreshed tokens to disk. That mismatch can mislead users and orchestration systems into treating the skill as purely local and low-risk when it actually performs remote authentication actions with sensitive credentials.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill claims to guide users through local-only credential handling, but this reference explicitly documents a remote API call that requires sending AK/SK to an external service to mint an access token. This mismatch expands the skill's effective behavior and creates a risk that an agent or user will transmit sensitive credentials off-host when they expected only local operations.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
Including external login and documentation URLs broadens the operational scope beyond purely local credential configuration and may steer users or agents into web-based flows not disclosed by the skill description. In a credential-related skill, such expansion increases phishing, misdirection, and unintended network interaction risk, even if the links appear legitimate.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The skill metadata claims credentials are configured safely via local commands only, but this script opens an external login page and instructs users to retrieve AK/SK from a website. That mismatch can mislead users and agents about network exposure and trust boundaries, increasing phishing, credential-handling, and policy-bypass risk because the workflow depends on a browser session with a third-party site.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation tells users to store long-lived secrets and optional access tokens in a plaintext local JSON file without any warning about file permissions, encryption, or process/user isolation. This can lead to credential disclosure through weak filesystem permissions, backups, logs, or multi-user host access.

Credential Access

High
Category
Privilege Escalation
Content
description: >-
  Guide users to configure local Chanjing credentials safely via local
  commands only, and validate local token status when needed.
credential: credentials.json (app_id/secret_key; access_token persisted on disk)
openclaw_primary_env: false
environment: CHANJING_OPENAPI_CREDENTIALS_DIR, CHANJING_OPENAPI_BASE_URL
legacy_environment: CHANJING_CONFIG_DIR, CHANJING_API_BASE
Confidence
84% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
### Step 1: Check if already configured

Check if local AK/SK already exists (read `~/.chanjing/credentials.json` for non-empty `app_id` and `secret_key`, or run `python skills/chanjing-credentials-guard/scripts/chanjing_config.py --status`).

### Step 2: Branch on result
Confidence
81% confidence
Finding
credentials.json

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal