MDshare Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward MDShare integration for publishing and managing temporary Markdown links, with real privacy and token-handling risks that are mostly disclosed and purpose-aligned.

Install this only if you want an agent to send Markdown to MDShare or another MDShare deployment. Review content for secrets, personal data, or internal material before publishing, and keep manage/edit links private because anyone with them may edit, change settings, or delete the share.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 85%
Finding:
The trigger list includes broad, everyday phrases like 'publish notes' and 'generate a temporary link', which can cause the skill to activate in contexts where the user did not intend to send content to an external sharing service. Because this skill can create public or token-bearing links, accidental invocation could expose user Markdown or metadata to a third-party deployment.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill instructs the agent to use an external service and generate public, edit, and manage links, but it does not give a clear upfront warning that the user's Markdown will be transmitted off-platform. This increases the risk of unintentionally sending sensitive notes, credentials, or proprietary content to a third-party server, especially since alternate deployments are also permitted.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding:
The documentation exposes privileged manage, settings, and delete operations authenticated solely by bearer-style share tokens, but it does not warn that these tokens are equivalent to credentials and may grant edit or destructive owner access. In an agent skill context, omission of handling guidance increases the chance that tokens are logged, echoed to users, stored insecurely, or passed to other tools, enabling unauthorized modification or deletion of shares.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding:
The trigger phrases are broad enough that a general-purpose agent could invoke this skill for loosely related requests like 'share this note' without first confirming the user actually wants content sent to an external MDShare service. In this skill’s context, over-broad activation is risky because the action publishes user-provided markdown remotely and may generate sensitive public or management links.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The example documents a direct POST that uploads markdown content to a remote service but does not warn that the full document leaves the local environment and may become accessible via generated links. In an agent setting, this omission can lead to unintentional disclosure of sensitive notes, credentials, internal documentation, or personal data if the agent treats sharing as routine.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The workflow instructs the agent to return a manage link by default, but does not require a clear warning that the link grants full owner-level control over the share. Because manage tokens are effectively bearer secrets, a user may forward, log, or paste them unintentionally, leading to unauthorized edits, settings changes, or deletion.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding:
The settings workflow says to regenerate and return a new edit link when an editor token is issued, but it omits any warning that the edit link is also a bearer credential. Although less powerful than a manage link, disclosure still enables unauthorized modification of shared content.

VirusTotal

64/64 vendors flagged this skill as clean.
