Source Coop

Security checks across malware telemetry and agentic risk

Overview

The skill mostly behaves like a data-discovery API wrapper, but its branding, credential destination, and default exposure of unpublished dataset listings are not scoped clearly enough for automatic approval.

Install only if you trust Xiaobenyang as the API gateway for this Source Cooperative workflow. Use a dedicated, revocable API key, avoid shared workspaces, check that .env is not committed, and prefer published-only searches unless you specifically need unpublished dataset identifiers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Severity: High, confidence 98%
Finding
The document presents itself as a geospatial data service, but the workflow and project structure reference a gaokao/high-school-search skill and unrelated API-key setup. This inconsistency is a strong sign of copied or repurposed instructions, increasing the risk that the model is routed into unintended tools or that users disclose credentials to the wrong service context.

Missing User Warnings

Severity: Medium, confidence 95%
Finding
The skill instructs the agent to ask the user for an API key and persist it into .env without disclosing retention, scope, storage security, or alternatives. This can lead to unnecessary long-term credential exposure, accidental reuse by other processes, and unsafe secret handling in shared or multi-tenant environments.

Missing User Warnings

Severity: Medium, confidence 92%
Finding
Defaulting to include unpublished products increases the chance of surfacing non-public or operationally sensitive dataset identifiers and metadata without a clear warning or explicit opt-in. Even if the backing store technically allows enumeration, exposing unpublished content by default weakens privacy and data-governance expectations.

Missing User Warnings

Severity: Medium, confidence 90%
Finding
Persisting an API key to .env without explicit user-facing warning or confirmation creates a secret-handling risk because users may not realize credentials are being written to disk. In shared environments, developer workspaces, or misconfigured repositories, this can lead to accidental exposure of long-lived credentials.
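As an added illustration of the Overview's advice (dedicated key, .env not committed) and of the two findings about persisting the key to .env, the Python helper below is written for this page and is not part of the skill or of Source Cooperative. It refuses to write the key unless the user has explicitly confirmed and .env is covered by .gitignore, creates the file with owner-only permissions, and reports conditions that would leave the credential exposed. The variable name SOURCE_COOP_API_KEY, the simplified .gitignore matching and the POSIX permission check are assumptions.

```python
import os
import stat
from pathlib import Path

ENV_FILENAME = ".env"
# Assumption: these whole-line patterns are the ones accepted as covering .env.
IGNORE_PATTERNS = {".env", ".env*", "*.env"}


def gitignore_covers_env(workspace: Path) -> bool:
    """True if the workspace .gitignore has a pattern matching .env.

    Deliberately simplified: only whole-line patterns in IGNORE_PATTERNS
    (with an optional leading '/') count, negations are ignored and nested
    .gitignore files are not consulted.
    """
    gitignore = workspace / ".gitignore"
    if not gitignore.is_file():
        return False
    for raw in gitignore.read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lstrip("/") in IGNORE_PATTERNS:
            return True
    return False


def audit_env(workspace: Path) -> list[str]:
    """Report conditions under which a key stored in .env would be exposed.

    An empty list means nothing was found. The permission check is POSIX-only.
    """
    problems = []
    env_path = workspace / ENV_FILENAME
    if not gitignore_covers_env(workspace):
        problems.append(".env is not covered by .gitignore, so it can be committed")
    if env_path.is_file():
        mode = stat.S_IMODE(env_path.stat().st_mode)
        if mode & 0o077:
            problems.append(f".env mode is {mode:o}; group/other can read it")
    return problems


def write_api_key(workspace: Path, name: str, value: str, *, user_confirmed: bool) -> list[str]:
    """Persist NAME=VALUE into .env only when the checks pass.

    Returns the list of blocking problems; an empty list means the key was written.
    The file is created or truncated with owner-only permissions, and an existing
    NAME= line is replaced rather than duplicated.
    """
    problems = []
    if not user_confirmed:
        problems.append("user has not confirmed writing the credential to disk")
    if not gitignore_covers_env(workspace):
        problems.append(".env is not covered by .gitignore")
    if problems:
        return problems

    env_path = workspace / ENV_FILENAME
    existing = env_path.read_text().splitlines() if env_path.is_file() else []
    kept = [line for line in existing if not line.startswith(f"{name}=")]
    kept.append(f"{name}={value}")

    # The mode passed to O_CREAT is masked by umask and only applies to a new
    # file, so set the permissions explicitly after writing.
    fd = os.open(env_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(kept) + "\n")
    os.chmod(env_path, 0o600)
    return []


if __name__ == "__main__":
    import tempfile

    ws = Path(tempfile.mkdtemp())
    # Blocked: no .gitignore covers .env yet.
    print(write_api_key(ws, "SOURCE_COOP_API_KEY", "example-key", user_confirmed=True))
    (ws / ".gitignore").write_text(".env\n")
    print(write_api_key(ws, "SOURCE_COOP_API_KEY", "example-key", user_confirmed=True))
    print(audit_env(ws))
```

The confirmation flag is the point the finding makes: the agent should surface the write to the user and receive an explicit yes before touching disk, and the .gitignore check is the cheap guard against the committed-credential case.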

Missing User Warnings

Severity: Medium, confidence 91%
Finding
The search tool explicitly states it searches and returns unpublished products across all accounts, which can expose non-public dataset identifiers and associated account relationships to any caller with tool access. In a discovery-oriented MCP service, broad cross-account enumeration increases sensitivity because unpublished inventory often reveals embargoed, internal, or not-yet-released data even if file contents are not directly returned.
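As an added example, written for this page and not taken from the skill or from Source Cooperative's API, the wrapper below shows how a discovery tool can enforce the behaviour this finding and the earlier one on the unpublished default ask for: published-only results unless the caller opts in explicitly, and even then only the caller's own unpublished products, with other accounts' unreleased inventory counted but never listed. The Product fields, the sample catalogue and the substring matching are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Product:
    account: str
    product_id: str
    title: str
    published: bool


# Constructed sample catalogue standing in for whatever the search backend returns.
SAMPLE_CATALOGUE = [
    Product("acme", "acme/landcover-2023", "Land cover 2023", published=True),
    Product("acme", "acme/landcover-2024-draft", "Land cover 2024 (draft)", published=False),
    Product("globex", "globex/roads", "Road network", published=True),
    Product("globex", "globex/embargoed-survey", "Embargoed survey", published=False),
]


def search_products(query, catalogue=SAMPLE_CATALOGUE, *, include_unpublished=False, caller_account=None):
    """Return (results, notices) for a substring search over the catalogue.

    Published-only by default. Unpublished products are returned only when the
    caller opts in and only for caller_account; unpublished products of other
    accounts are withheld and reported as a count, so the tool cannot be used
    to enumerate another account's unreleased datasets.
    """
    q = query.lower()
    matches = [p for p in catalogue if q in p.title.lower() or q in p.product_id.lower()]
    results, hidden_foreign = [], 0
    for p in matches:
        if p.published:
            results.append(p)
        elif include_unpublished and p.account == caller_account:
            results.append(p)
        elif include_unpublished:
            hidden_foreign += 1
    notices = []
    if include_unpublished:
        own = sum(1 for p in results if not p.published)
        notices.append(f"include_unpublished=True: returned {own} unpublished product(s) for account {caller_account!r}")
        if hidden_foreign:
            notices.append(f"{hidden_foreign} unpublished product(s) belonging to other accounts were withheld")
    return results, notices


if __name__ == "__main__":
    for p in search_products("land")[0]:
        print(p.product_id)
    results, notices = search_products("land", include_unpublished=True, caller_account="acme")
    print([p.product_id for p in results], notices)
```

The notices are meant to be passed back to the user alongside the results, which is the explicit warning the finding says is missing when unpublished content is surfaced.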

VirusTotal

63/63 vendors flagged this skill as clean.
