Adjust token authentication mechanism

Security checks across malware telemetry and agentic risk

Overview

This skill openly manages a paid Fast Claw API key and checkout workflow, but users should understand it stores the key locally in plaintext.

Install only if you intend to use the Fast Claw paid service. Verify FAST_CLAW_SERVICE_URL before sending prompts or paying, review checkout pages before completing payment, and treat ~/.fast-claw/api-key.json as a sensitive plaintext secret; delete it with clear-api-key when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs use of environment variables, local file reads/writes, and network access to manage and persist API keys, but no permissions are declared. This creates a transparency and consent problem: an agent could perform sensitive operations such as storing credentials locally or contacting remote services without an explicit permission boundary for the user or platform.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill persists a long-lived API key to a local file and describes clearing/replacing it, but does not prominently warn about credential sensitivity, file-system exposure, path redirection via environment variables, or the consequences of storing a reusable key on disk. In context, this is more dangerous because the skill is specifically designed to handle paid-service credentials that can be abused if leaked.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The default prompt broadly instructs the agent to obtain or reuse a local API key and call a paid microservice without clear user consent, trigger, or scope constraints. In a billing- and credential-related skill, vague activation language increases the chance of unintended checkout, recharge, or credential use, which can lead to unauthorized charges or use of persisted secrets.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The client persists a long-lived API key to disk in plaintext JSON under the user's home directory without setting restrictive file permissions or providing a meaningful warning before storage. On multi-user systems or misconfigured environments, this can expose credentials to other local users, backups, syncing tools, or malware, enabling unauthorized use of the paid service.

VirusTotal

63/63 vendors flagged this skill as clean.
