Environment Secrets Rotator

Security checks across malware telemetry and agentic risk

Overview

This secret-rotation skill does what it claims, but it also automatically keeps plaintext copies of newly generated secrets in a home-directory history file without clear opt-in.

Review the script before installing. If you use it, start with --dry-run, rotate only specific files and keys, avoid running it on production secrets until rollout is planned, and delete or protect ~/.env-rotation-history.json plus any .env backup files because they may contain live plaintext credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly describes reading and modifying .env files, creating backups, and optionally writing output files, yet it declares no corresponding permissions. This mismatch can hide sensitive file access and file mutation capabilities from a host permission model, reducing transparency and increasing the chance of unreviewed secret exposure or destructive changes.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill persists newly rotated secret values to ~/.env-rotation-history.json, which expands beyond the stated purpose of rotating env secrets and generating Vault commands. Storing plaintext secrets in a secondary history file creates an additional sensitive datastore that may be readable by other local processes, accidentally backed up, or later exfiltrated.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The history feature reads and returns previously rotated secret values, effectively exposing stored credentials through a convenience command unrelated to the minimum required rotation function. This increases the blast radius of any local access to the tool and makes secret disclosure easier once the history file exists.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README documents commands that directly modify .env files and emphasizes convenience features, but it does not clearly warn users that rotation will overwrite live credentials, may break dependent services until downstream systems are updated, and may print or otherwise expose newly generated secret material depending on output mode. In a secret-rotation tool, missing operational safety guidance increases the chance of accidental credential disclosure or service disruption during normal use.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill says it rotates secrets in .env files but does not prominently warn that modifying active credentials can break running applications, deployments, or integrations if rollout is not coordinated. In a secret-rotation tool, omission of that warning materially increases the risk of accidental service outage or lockout.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The examples print newly generated secrets and Vault commands containing plaintext values directly to stdout. Even if intended as examples, this normalizes behavior that can leak secrets into terminal scrollback, shell history, CI logs, chat transcripts, or observability systems.

Missing User Warnings

High
Confidence
99% confidence
Finding
Rotation history stores newly generated secret values in plaintext in a home-directory JSON file without clear user disclosure. This creates an unnecessary persistent copy of secrets outside the target env file and Vault workflow, materially increasing exposure if the endpoint is compromised or routinely backed up.

VirusTotal

52/52 vendors flagged this skill as clean.
