AI Twitter Daily

Security checks across malware telemetry and agentic risk

Overview

The skill appears to generate reports through an external AI API, but it sends prompts and a bearer token to a configurable third-party endpoint without enough scoping or permission disclosure.

Install only if you are comfortable sending report prompts and the configured API key to the documented endpoint. Prefer a vetted provider URL, avoid putting sensitive private data into prompts, and do not set GROK_API_URL to any host you do not fully trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Tainted flow: 'API_URL' from os.getenv (line 7, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
```python
        "stream": True
    }

    # API_URL is read from the environment (line 7) and used as the destination here
    response = requests.post(API_URL, headers=headers, json=payload, timeout=180, stream=True)

    if response.status_code != 200:
        print(f"HTTP {response.status_code}: {response.text}", file=sys.stderr)
```
Confidence
97% confidence
Finding
response = requests.post(API_URL, headers=headers, json=payload, timeout=180, stream=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares no permissions while clearly requiring environment variables and outbound network access. This creates a transparency and consent problem: users or hosting platforms may invoke the skill without understanding that secrets are read from the environment and sent to an external API.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill permits its outbound API endpoint to be changed via GROK_API_URL, enabling transmission of the prompt and bearer token to arbitrary third-party infrastructure. This creates a clear data exfiltration and credential leakage path and may also be abused to reach unintended internal or attacker-controlled services. Given the skill’s narrow reporting purpose, endpoint override is unnecessary and increases risk.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export GROK_API_KEY="your-api-key-here"
export GROK_API_URL="https://api.cheaprouter.club/v1/chat/completions"  # optional
export GROK_MODEL="grok-4.20-beta"  # optional
```
Confidence
94% confidence
Finding
https://api.cheaprouter.club/

VirusTotal

66/66 vendors flagged this skill as clean.
