ClawHub

Yandex Tracker CLI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Yandex Tracker CLI, but it needs review because it can directly change or delete live Tracker data and its attachment path protection is not fully robust.

Review this before installing in a real organization workspace. Use a least-privilege Yandex Tracker token, keep the token out of logs and shared config, set a dedicated YANDEX_TRACKER_ATTACHMENTS_DIR, avoid symlinks in that directory, and require explicit human confirmation before any delete, transition, update, upload, or export command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The documentation makes a concrete security claim that attachment upload/download paths are restricted to an allowed directory, but this file contains no enforceable mechanism and may create a false sense of safety for users or agents. If the underlying script does not actually validate canonicalized paths, an agent could be induced to read sensitive local files for upload or overwrite arbitrary files during download.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The CLI performs irreversible issue deletion immediately with no warning, dry-run, or confirmation gate. In a shell context, accidental invocation, scripting mistakes, or argument substitution errors can permanently remove tracker data at API speed, especially because the tool is designed for automation against live remote resources.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Comment deletion is executed directly without any user-facing confirmation or safety interlock. In an automation-oriented CLI, this increases the risk of unintended data loss from mistyped IDs, reused shell history, or script bugs affecting production tracker records.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Checklist item deletion occurs immediately with no confirmation, making accidental removal of workflow/state data easy. Because the tool targets remote issue-tracking data, a simple argument error can delete the wrong checklist item and disrupt team process or auditability.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal