GLM MCP Server Use

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward GLM/Z.AI MCP setup skill with expected credential and network-use risks, not evidence of malicious behavior.

Install only if you intend to use Z.AI/GLM MCP services. Use a scoped or test API key where possible, keep the generated mcporter config private, run the key check with --masked, avoid pointing --config at an important existing file unless using --keep, and do not send sensitive URLs, repositories, screenshots, or images unless you accept Z.AI processing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Finding 1

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill instructs users to run scripts that read environment variables, write configuration files, and invoke shell/npm tooling, but the skill metadata does not declare those capabilities. This creates a transparency and consent problem: users may execute code with broader access than expected, including handling API keys and writing local config, which increases security risk even if the behavior is operationally legitimate.

Finding 2: Missing User Warnings

Severity: Low
Confidence: 95%
Finding: The quick-start instructions tell the user to export an API key and then run setup and smoke-test scripts, but do not clearly warn that these steps will perform authenticated outbound requests to third-party Z.AI endpoints. This omission can mislead users about where their credentials and test data will be used, reducing informed consent and increasing the chance of accidental disclosure through routine execution.

Finding 3: Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The script prints the resolved API key in cleartext to stdout unless the caller explicitly passes --masked. Secrets written to stdout are easily exposed through terminal history, process supervision logs, CI job logs, shell redirection, or downstream tooling, which can lead to credential disclosure and unauthorized API use.

VirusTotal

66/66 vendors flagged this skill as clean.
