Graphql Builder

Security checks across malware telemetry and agentic risk

Overview

This is a small GraphQL helper skill whose file access and optional endpoint introspection match its stated purpose, with no evidence of hidden or destructive behavior.

Reasonable to install for simple GraphQL helper tasks. Treat introspection as an outbound network request, only use trusted endpoints, avoid private or sensitive internal URLs unless deliberate, and do not pass files you would not want the agent to read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill exposes shell-backed commands in its documentation but does not declare any corresponding permissions, creating a mismatch between the stated trust model and actual capability. This can cause users or hosting frameworks to allow execution under insufficient scrutiny, increasing the risk of unsafe command execution or policy bypass if the underlying script handles input insecurely.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill metadata describes building and validating GraphQL artifacts, but the script also performs live network requests to arbitrary user-supplied URLs via the introspection command. This expands the trust boundary and can cause unexpected outbound connections, which is security-relevant in agent environments where users may not expect network access from a formatting/validation helper.

Missing User Warnings

Low
Confidence: 87%
Finding
The documented `introspect <url>` command indicates the skill will make a network request to a user-supplied endpoint, but the README provides no warning about that behavior or its risks. In context, GraphQL introspection against arbitrary URLs can enable SSRF-style access to internal services, accidental data disclosure, or unexpected outbound requests if consumers pass untrusted targets.

Missing User Warnings

Medium
Confidence: 88%
Finding
The introspection command sends a POST request to any provided URL without warning, confirmation, or visible disclosure to the user. In an agent/tooling context, this can enable unintended outbound traffic, SSRF-like access to internal services if the environment has network reachability, or accidental interaction with sensitive endpoints.

VirusTotal

63/63 vendors flagged this skill as clean.
