Side Peace

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it handles secrets through an unauthenticated HTTP server exposed to the local network by default.

Review before installing. Use only the localhost URL, avoid shared or untrusted networks, use short-lived scoped tokens, avoid the xargs one-liner, and delete the generated secret file immediately after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation describes running a local HTTP-based secret collection flow, which is a network capability, but no corresponding permission declaration is present. Undeclared network behavior is dangerous because it prevents informed consent and can cause the agent to expose a listening service unexpectedly in environments where network access should be tightly controlled.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill is presented as a minimal secure secret handoff, but its documented behavior includes opening a server on all interfaces and advertising a LAN URL, allowing any host on the local network to submit the secret. This materially changes the threat model: a nearby attacker or malicious device on the same network could race to submit data, intercept usage patterns, or abuse the endpoint in ways the user would not expect from the description.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
This is a real security issue. The server binds to 0.0.0.0 and explicitly advertises network-reachable URLs for local IPs, so any host on the same network can access the secret submission page and race to submit arbitrary data before the intended user. In the context of a tool whose core purpose is secure secret handoff, exposing the endpoint beyond localhost materially increases risk because there is no authentication, origin check, or one-time token protecting submissions.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
Or one-liner:
```bash
cat /tmp/side-peace-xxx.secret | xargs -I{} npx clawhub login --token {} --no-browser; rm /tmp/side-peace-xxx.secret
```

## Security
Confidence
89% confidence
Finding
rm /tmp/

Chaining Abuse

High
Category
Tool Misuse
Content
Or one-liner:
```bash
cat /tmp/side-peace-xxx.secret | xargs -I{} npx clawhub login --token {} --no-browser; rm /tmp/side-peace-xxx.secret
```

## Security
Confidence
91% confidence
Finding
| xargs -I{} npx clawhub login --token {} --no-browser; rm

VirusTotal

64/64 vendors flagged this skill as clean.
