Modelscope Api

Security checks across malware telemetry and agentic risk

Overview

This is a coherent ModelScope helper skill, but users should treat token, install, and deployment examples as sensitive operations.

Install only if you intend to use ModelScope APIs. Prefer a least-privilege token in MODELSCOPE_API_TOKEN, avoid pasting real tokens into shared chats or shell commands that may be logged, and approve install, MCP configuration, deploy, delete, or secret-changing actions only after reviewing the exact target and command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 81%
Finding:
The README advertises broader capabilities including deployment and management, while the skill metadata emphasizes query/search/download with user confirmation for changes. This mismatch can cause users or downstream orchestrators to over-trust the skill's safety profile and invoke higher-impact operations than expected.

Intent-Code Divergence

Medium
Confidence: 90%
Finding:
The skill states that tokens are only used in-session and are not written to files, but later recommends `api.login()` and `modelscope login --token`, which explicitly persist cookies or credentials locally. This inconsistency can mislead users into disclosing secrets under a false assumption of ephemeral handling.

Description-Behavior Mismatch

Medium
Confidence: 83%
Finding:
The code implements enumeration of a user's operational MCP servers, which is account-scoped information, but the skill metadata only advertises public query/search/download capabilities. This mismatch can expose personal or tenant-specific operational state to the agent/user flow without clear disclosure or consent expectations.

Missing User Warnings

Medium
Confidence: 84%
Finding:
The skill description includes downloading, creating, deploying, and managing remote resources without prominently warning about the operational and account impact of those actions. In an agent setting, under-disclosed state-changing capabilities increase the risk of users authorizing actions without understanding consequences such as cloud deployment, resource modification, or external data transfer.

VirusTotal

59/59 vendors flagged this skill as clean.