ClawHub

Trakt.tv

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Trakt.tv integration, but it gives the agent access to read and change your Trakt account and requires careful handling of OAuth tokens.

Install this only if you are comfortable letting the agent use your Trakt account. Treat the client secret, access token, and refresh token as passwords: do not share terminal output, do not commit the OpenClaw config, restrict local file access where possible, and revoke or rotate the Trakt application/token if exposed. Ask the agent to confirm before removals, ratings, watch-history changes, or bulk updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill requires shell execution via curl but does not declare any corresponding permission or capability boundary. This creates a transparency and policy-enforcement gap: a host may permit the skill under the assumption it is documentation-only while it actually instructs execution of networked shell commands with credentials.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The declared purpose focuses on managing Trakt data, but the file also includes an OAuth token acquisition flow that handles client secrets, authorization codes, and prints access and refresh tokens for manual storage. That expands the trust boundary from simple API interaction to credential handling, increasing risk of secret exposure and unsafe operator behavior.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README instructs users to place a Trakt client secret, access token, and refresh token into a local JSON config file without any warning that these are sensitive credentials or guidance on file permissions and secret handling. If that config is readable by other local users, backed up insecurely, or accidentally committed, an attacker could use the stored tokens to access and modify the victim's Trakt account and potentially use the client secret to impersonate the application.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill presents state-changing endpoints such as watchlist modification as routine commands without warning that they alter the user's remote Trakt account. In agent settings, this can lead to unintended account changes if commands are executed automatically or with incomplete user confirmation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The OAuth helper script prints raw access and refresh tokens to terminal output and echoes shell-ready assignment lines, which can leak secrets through scrollback, logging, screenshots, clipboard capture, or shared terminals. Because these tokens grant authenticated API access, exposure can enable unauthorized account actions until revoked.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script reads the Trakt client secret using a normal terminal read, so the secret is echoed visibly on screen and may be exposed to shoulder-surfing, screen recordings, terminal capture tools, or shared session logs. In a helper script specifically handling OAuth credentials, this is an unnecessary exposure of sensitive material even if the script is otherwise legitimate.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script prints the client ID, client secret, access token, and refresh token directly to stdout. This can leak long-lived credentials into terminal scrollback, shell logging, CI logs, remote session transcripts, clipboard captures, or support screenshots, and the refresh token in particular can enable continued account access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal