CrewHaus Tools

Security checks across malware telemetry and agentic risk

Overview

This skill is a thin, visible wrapper around CrewHaus web API utilities; the main caution is that every input it receives is sent to a third-party service.

Install only if you are comfortable sending the tool input to CrewHaus. Use it for non-sensitive formatting and text utilities; avoid live tokens, API keys, confidential documents, proprietary code, personal data, and production password material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding: The skill instructs the agent to run a shell helper script (`bash scripts/crewhaus-tool.sh ...`) but declares no corresponding shell/code-execution capability. That leaves an undeclared execution surface, which can bypass the expected permission review and raises the chance that user-influenced input reaches shell commands without adequate scrutiny.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 81%
Finding: The skill description advertises startup validation, idea scoring, and agent certification alongside harmless text utilities, but the documented implementation only exposes generic tool API endpoints and promotional links. This mismatch can lead the agent to invoke the skill in contexts unrelated to its actual utility surface, sharing data inappropriately or extending user trust to capabilities that are not actually implemented here.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding: The trigger guidance is overly broad, including loosely related business and certification scenarios in addition to concrete text-processing tasks. Broad invocation criteria increase the likelihood of unnecessary skill activation and remote transmission of user content to a third-party service when a local or narrower tool would be more appropriate.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill directs the agent to send arbitrary user-provided input to `https://crewhaus.ai/api/tools/{slug}` but gives no warning that the data leaves the local environment and is processed by a third party. Because the listed tools accept sensitive payload types such as JWTs, passwords, text diffs, and arbitrary text blobs, users or agents may unknowingly exfiltrate secrets, tokens, proprietary code, or personal data.
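The Lp3 finding (user-influenced input reaching a shell helper) and the Missing User Warnings finding (arbitrary text leaving the machine for `https://crewhaus.ai/api/tools/{slug}`) point at the same missing control: a local guard in front of the call. The script below is an added example written for this review, not code from the CrewHaus skill or its `scripts/crewhaus-tool.sh`. It assumes the endpoint accepts a JSON body with an `input` field, that `jq` and `curl` are installed, and that the secret patterns shown are illustrative rather than complete:

```sh
#!/bin/sh
# Added example for this review, not part of the CrewHaus skill or its helper
# script. Assumptions: the tool endpoint accepts a JSON body {"input": "..."};
# jq and curl are installed; the secret patterns are illustrative, not complete.
set -eu

CREWHAUS_BASE="https://crewhaus.ai/api/tools"

# looks_sensitive TEXT: exit 0 when TEXT contains something that looks like a
# credential, 1 otherwise. The text is fed to grep on stdin, never spliced into
# a command string, so shell metacharacters inside it are inert.
looks_sensitive() {
  text="$1"
  for p in \
    'eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}' \
    'AKIA[0-9A-Z]{16}' \
    'ghp_[A-Za-z0-9]{36}' \
    '-----BEGIN [A-Z ]*PRIVATE KEY-----'; do
    printf '%s\n' "$text" | grep -Eq -- "$p" && return 0
  done
  # Credential-style assignments such as "password = ..." or "api_key: ...".
  printf '%s\n' "$text" | grep -Eqi -- '(password|passwd|secret|api[_-]?key)[[:space:]]*[:=]' && return 0
  return 1
}

# valid_slug SLUG: exit 0 only for a plain lowercase path segment, so that a
# user-influenced slug cannot rewrite the URL ("../x", "x?y=1", "x#y", "a/b").
valid_slug() {
  printf '%s\n' "$1" | grep -Eq -- '^[a-z0-9][a-z0-9-]{0,63}$'
}

# crewhaus_tool SLUG TEXT: call the tool only after both checks pass, and say
# plainly where the data is going. The body is built by jq (correct JSON
# escaping) and handed to curl on stdin, not interpolated into a command line.
crewhaus_tool() {
  slug="$1"; text="$2"
  if ! valid_slug "$slug"; then
    echo "refusing: '$slug' is not a valid tool slug" >&2
    return 2
  fi
  if looks_sensitive "$text"; then
    echo "refusing: input looks like it contains a secret and would be sent to crewhaus.ai" >&2
    return 3
  fi
  echo "note: sending ${#text} characters to ${CREWHAUS_BASE}/${slug} (third-party service)" >&2
  jq -cn --arg input "$text" '{input: $input}' \
    | curl -sS --fail -X POST -H 'Content-Type: application/json' \
        --data-binary @- "${CREWHAUS_BASE}/${slug}"
}
```

The guard is deliberately conservative: a false positive costs a retry, a false negative sends a credential to a third party, so add patterns for whatever token formats your environment actually uses. Note that it only addresses the transport side of Lp3; the undeclared shell capability itself has to be fixed in the skill's capability declaration, not in a wrapper.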

VirusTotal

65/65 vendors reported this skill as clean.

View on VirusTotal