Aliyun Opensearch Search

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but its quickstart can write sample records to a live OpenSearch data source and uses credentials in an under-guarded way.

Review before installing. Use only least-privilege OpenSearch credentials, prefer a test datasource first, verify the connection uses HTTPS/TLS before providing credentials, and do not run the quickstart or bundled script against production unless you explicitly want it to add the sample documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill relies on sensitive environment variables for endpoint configuration and credentials, but it does not declare permissions or explicitly signal that it accesses secrets from the environment. In an agent setting, undeclared secret access reduces transparency and can cause the skill to be invoked with broader access than the user expects, increasing the risk of credential misuse or accidental disclosure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The quickstart prominently includes `push_documents` with `cmd: add`, which performs a mutating write against a live OpenSearch datasource, but the example does not provide a clear warning that it changes remote data. In an agent-assisted workflow, users may run sample code verbatim assuming it is read-only, leading to unintended document insertion, overwrite, or operational side effects in production-like environments.

VirusTotal

66/66 vendors flagged this skill as clean.
