Issue Analysis Agent

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it embeds cloud credentials and publishes support reports to a public URL by default, which can expose internal issue and personnel data.

Install only if you are comfortable with generated support reports, including names and unresolved issue details, being uploaded to a hard-coded Tencent COS bucket and made public-read. Treat the embedded COS keys as compromised, rotate them before any use, and modify the skill to use your own least-privilege credentials, private objects, signed links, and explicit review/redaction before upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

High (99% confidence)
Finding
The configuration embeds live COS cloud credentials (`secret_id` and `secret_key`) directly in a skill config file. Hardcoded secrets are highly dangerous because anyone with access to the skill file can reuse them to access or modify the bucket, upload malicious HTML, exfiltrate stored reports, or pivot into other cloud resources depending on the key's scope.

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The script explicitly changes uploaded objects to public-read and prints a public URL, making any uploaded report accessible to anyone with the link and potentially discoverable if bucket contents are indexed or shared. In the context of an issue-analysis/customer report uploader, this is dangerous because such reports commonly contain internal diagnostics, customer data, or security-sensitive details that should not be exposed publicly.

Intent-Code Divergence

Medium (87% confidence)
Finding
After repeated upload exceptions, the function may still return a constructed public URL even though the upload was not confirmed to exist or validate. This can mislead downstream automation or users into believing publication succeeded, causing broken workflows, accidental disclosure attempts, or unsafe assumptions about report availability and integrity.

Context-Inappropriate Capability

Medium (90% confidence)
Finding
The script automatically uploads a generated HTML report to a public COS URL, but the provided skill context contains no user consent flow, access control, data-classification check, or documented business justification for external publication. Because the report is built from customer issue data and includes names/statistics, this can expose potentially sensitive internal or personal information to unintended parties through a predictable public path.

Missing User Warnings

Medium (94% confidence)
Finding
The README explicitly states that generated reports are uploaded to COS and a public internet link is returned, but it does not warn that the reports may contain sensitive customer-service issue data, internal operational metrics, names of reporters/handlers, or unresolved issue details. In this skill context, the report is built from internal Excel issue data, so publishing by default can cause unintended data disclosure to anyone with the link or via bucket/object enumeration if permissions are broad.

Missing User Warnings

High (98% confidence)
Finding
The README instructs users to ensure the file ACL is set to public-read so the report link is accessible, which directly encourages exposing generated reports on the public internet. Because the report content appears to summarize internal customer support issues and may include business-sensitive trends or personnel identifiers, this materially increases the likelihood of confidentiality breaches.

Missing User Warnings

Medium (95% confidence)
Finding
The skill explicitly uploads generated reports to COS and produces a public access link, while the source data is customer-support issue data that may contain sensitive operational details and identifiable personnel information. Publishing such reports without warning, access controls, or data-minimization guidance creates a real risk of unauthorized disclosure of internal business data and personal information.

Missing User Warnings

Medium (92% confidence)
Finding
The skill describes ranking named individuals such as feedback submitters, resolvers, and people associated with unresolved issues, but provides no warning about privacy, fairness, or workplace sensitivity. Even if intended for internal reporting, this can expose employee performance data unnecessarily and amplify reputational or HR risks if shared broadly or published externally.

Missing User Warnings

High (99% confidence)
Finding
The file contains hard-coded cloud access credentials directly in source code. Anyone who can read the script can reuse these secrets to access the COS account, upload or modify objects, read sensitive data, incur costs, or pivot into broader cloud compromise depending on the credentials' permissions.

Missing User Warnings

High (97% confidence)
Finding
The script uploads arbitrary file contents and then makes them publicly readable without an explicit warning or approval step. Given the stated use case of uploading issue-analysis reports and HTML files rendered inline in browsers, this creates a strong risk of exposing confidential reports or serving active HTML content publicly.

VirusTotal

65/65 vendors flagged this skill as clean.
