Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Tempo MCP integration, but it needs Review because it grants broad time-tracking and approval authority while understating cross-user access risk.

Install only if you intend to let an agent act against Tempo with the permissions of your token. Use a least-privilege token, avoid admin or manager-scoped tokens unless necessary, and require manual confirmation before deleting worklogs, plans, teams, accounts, or taking approval-related actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

High
Confidence: 98%
Finding
The terms section asserts the server cannot access anyone else's worklogs or colleagues' time entries, but the documented tools explicitly allow querying by user, team, project, account, and approving timesheets. This misleading assurance can cause users or downstream agents to over-trust the skill and invoke privacy-sensitive or admin-capable operations they would otherwise treat as restricted.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger language is broad enough to match general Jira/Tempo-related requests, which increases the chance the skill is invoked when the user did not specifically intend to access or modify Tempo data. In a skill that can create, update, and delete worklogs and manage approvals, accidental invocation raises the risk of unintended data exposure or state-changing actions.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill documents destructive and sensitive actions such as deleting worklogs, deleting plans/teams/accounts, and handling timesheet approvals without requiring confirmation or warning about irreversible effects. In an agentic context, that omission makes it more likely an assistant will execute a high-impact action directly from a natural-language request or misunderstanding.

VirusTotal

VirusTotal findings are pending for this skill version.
