Npm Publish

Security checks across malware telemetry and agentic risk

Overview

This skill is for npm publishing, but it also directs agents to automate npm credential use and persist a broad registry token on disk.

Review before installing. The normal build, test, npm login, npm whoami, npm publish, and npm view steps are coherent, but do not let an agent create or store npm tokens unless you explicitly intend that. Prefer manual npm login or a tightly scoped token, inspect any script before running it, and remove any temporary token from npm and ~/.npmrc after publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The documented flow exceeds the stated purpose of publishing a package by minting a new npm automation token and persisting it in ~/.npmrc. That creates a durable credential on the host, expanding the blast radius from a one-time interactive login into ongoing registry access if the machine, account, or file is later compromised.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
Using browser automation to leverage an authenticated npm web session to mint API tokens is a sensitive credential-harvesting/persistence capability, not merely a publish helper. It bypasses the narrow task boundary and can silently convert a temporary browser-authenticated action into reusable API access, which materially increases abuse potential.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The example creates a non-readonly token with no meaningful restriction, despite advising that tokens should be publish-only when possible. This grants broader-than-necessary capabilities, so any leaked token could be used for unintended registry operations beyond the immediate publishing task.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The skill instructs automated credential entry, token creation, and writing the token into ~/.npmrc without a clear, prominent warning that it will persist credentials and modify local authentication state. Users may believe they are performing a one-time publish while the skill silently establishes long-lived access on disk, increasing the chance of credential misuse or later compromise.

VirusTotal

VirusTotal findings are pending for this skill version.