Fluent

Security checks across malware telemetry and agentic risk

Overview

This skill is a Fluent documentation helper, but it requires and stores a third-party API key and contains mismatched Gaokao/Xiaobenyang remnants that users should review before trusting it.

Install only if you trust Xiaobenyang with the API key and your Fluent documentation queries. Review or remove the Gaokao-related remnants, understand that the key is saved locally in a plaintext .env file, and avoid reusing a sensitive credential.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises no explicit permissions, yet its documented behavior requires environment access, local file writes, and outbound network calls. This hidden capability expansion reduces user visibility and consent, and can enable credential collection and exfiltration through a third-party service without clear declaration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill claims to be a Fluent documentation navigator, but the instructions reveal unrelated behavior: collecting an external API key, persisting it locally, and relying on a third-party Xiaobenyang service. This mismatch is dangerous because it can mislead users into disclosing credentials and approving networked behavior that is unrelated to the stated purpose.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The section requiring an API key and directing users to obtain it from an unrelated external site directly conflicts with the claimed ANSYS Fluent documentation function. In context, this is especially risky because the skill is framed as a simple documentation helper, making users more likely to provide a secret they would not otherwise share.

Intent-Code Divergence

High
Confidence
90% confidence
Finding
The workflow includes contradictory examples and references to unrelated functions such as search_schools while claiming to operate on Fluent documentation tools. Such inconsistencies are a strong indicator of copy-paste or repurposed instructions, which can route data to unintended functions or services and undermine safe review and predictable behavior.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The project structure identifies a different project and external API client purpose than the stated Fluent documentation skill. This discrepancy increases the chance that the packaged code is actually for another service, which could expose user inputs or credentials to unintended endpoints.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The configuration is clearly mismatched with the declared Fluent documentation navigation skill: it references a different service/domain, different environment prefix, and manages an unrelated API key. In a skill that should only provide documentation URL navigation, hidden support for another backend materially expands trust boundaries and can enable unauthorized outbound use of credentials or service pivoting.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Persisting API keys to a local .env file and exporting them into the process environment is unnecessary for a documentation-navigation skill and creates avoidable credential exposure. Local persistence increases the chance of accidental disclosure through source control, backups, logs, or reuse by other code running in the same environment.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The Settings docstring identifies the code as a different skill, which is a strong indicator of code reuse, packaging mismatch, or undeclared functionality. In a security review, this discrepancy raises the risk that the shipped skill performs actions outside its stated purpose, reducing transparency and undermining informed trust.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code writes a supplied API key directly to .env without any user-facing warning, confirmation, or explanation of persistence behavior. This is dangerous because users may believe they are providing a transient secret, while the skill silently stores it on disk for future access.

VirusTotal

64/64 vendors flagged this skill as clean.
