216medsearch

Security checks across malware telemetry and agentic risk

Overview

The skill performs the advertised medication lookup, but it ships an exposed internal API token and sends drug queries over unencrypted HTTP.

Install only if you are authorized to use this internal medication API and understand that queried drug names will be sent to that service. The publisher should rotate the exposed token, move credentials to protected runtime configuration, use HTTPS if available, and add input validation before this is considered low risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Severity: Medium (99% confidence)

Finding: The script embeds a long-lived API authentication token directly in source code, which exposes a reusable secret to anyone who can read, copy, or log the skill. Because the token is then used to access an internal API, leakage could enable unauthorized queries or broader abuse of the backend service under the skill's identity.

Missing User Warnings

Severity: Medium (94% confidence)

Finding: The README describes sending user-supplied medication queries to an internal HTTP API and notes that authentication is built into the script, but it does not clearly warn users about network transmission, internal service access, or credential use. In an agent context, this increases the risk of unintended disclosure of user input to an internal service and obscures the trust boundary, especially since the endpoint uses plain HTTP rather than HTTPS.

Missing User Warnings

Severity: Low (88% confidence)

Finding: The skill explicitly sends user-supplied drug names to an internal HTTP API but does not clearly warn users that their input will leave the local interaction boundary and be transmitted over the network. This creates a privacy and transparency issue and may expose sensitive medical-related queries to internal logging, monitoring, or interception, especially because the endpoint uses plain HTTP rather than HTTPS.

Missing User Warnings

Severity: High (98% confidence)

Finding: The skill silently uses an embedded API token in an outbound request without disclosing that credentialed access is occurring on the user's behalf. This is dangerous because users and operators may unknowingly distribute or run code that contains active credentials, increasing the chance of credential theft, misuse, and unauthorized access to the remote service.

Missing User Warnings

Severity: Medium (97% confidence)

Finding: The script transmits user-supplied medication names to a remote endpoint over plain HTTP, which provides no transport encryption. This exposes potentially sensitive query data and response contents to interception or tampering by anyone with network visibility, which is especially concerning in a medical context where lookup terms may reveal health-related information.

VirusTotal

63/63 vendors flagged this skill as clean.