Trading Card Game

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate LunchTable-TCG game skill, but it expects an API key, remote game access, and optional webhooks, so credentials and bot deployment need care.

Install only if you want an agent to interact with LunchTable-TCG using your account. Keep LTCG_API_KEY and webhook secrets out of logs, screenshots, chat transcripts, shell history, and source control; use test credentials for webhook.site or ngrok; verify webhook signatures before exposing a bot publicly; and avoid ranked/tournament or publishing scripts unless you deliberately intend those actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (18)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly relies on environment variables and network access, but does not declare corresponding permissions. Undeclared capabilities reduce transparency and can cause users or hosts to authorize behavior they did not explicitly review, especially for a user-invocable skill that sends authenticated requests to a remote service.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The document says the API key is only shown once, then includes a full realistic-looking token in later examples. Even if illustrative, this normalizes copying secrets into commands, logs, and chat output, and may lead users or agents to mishandle real credentials the same way.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document gives conflicting operational guidance: the full webhook handler performs outbound API calls and game actions before sending HTTP 200, while the reliability section later says to acknowledge immediately and process asynchronously. In a webhook-driven system this can cause retries, duplicate event delivery, turn processing races, and accidental repeated moves if LTCG re-sends events after a slow response.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The sample code falls back to a hardcoded secret (`'your-secret-here'`) despite later stating secrets should never be hardcoded. If users copy this example without setting an environment variable, webhook authentication becomes trivially guessable and forged webhook requests could trigger bot actions or game-state changes.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guide tells users to run `echo $LTCG_API_KEY` to verify configuration, which prints the full secret to the terminal. This can expose credentials through screen sharing, terminal scrollback, logging, or shoulder-surfing, and the document does not warn users to mask or avoid displaying secrets.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The troubleshooting advice again instructs users to inspect the actual API key value with `echo $LTCG_API_KEY`. Recommending direct secret disclosure in diagnostic steps increases the chance of accidental credential leakage to logs, recordings, support tickets, or other observers.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The examples expose a full bearer-style token and show it being exported directly in shell commands without warning about shell history, logs, screenshots, or source control leakage. That increases the chance of accidental credential disclosure and reuse by downstream agents or users.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill instructs the user to register an agent and provide a callback URL to an external service, but does not clearly disclose what metadata is sent or what inbound webhook traffic may contain. For a networked, user-invocable skill, missing privacy and data-flow disclosure weakens informed consent and increases operational risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The checklist instructs users to generate a ClawHub token and store it as a GitHub Actions secret, and optionally do the same with an npm token, but it does not warn that these are sensitive long-lived credentials or provide any guidance on least privilege, rotation, or preventing accidental disclosure. In a publishing workflow, compromise of these tokens could allow unauthorized package or skill publication, tampering with releases, or misuse of the associated accounts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README instructs users to expose a webhook endpoint publicly via ngrok or cloud hosting, but it does not mention authentication, signature verification, IP allowlisting, replay protection, or the privacy implications of receiving unsolicited internet traffic. In the context of an AI game agent, an unauthenticated public webhook could allow spoofed game events, denial of service, or leakage of operational metadata if users deploy the example as-is.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README tells users to place a live API key in a .env file but does not warn them to keep that file out of source control, restrict file permissions, or avoid sharing it in logs and screenshots. Since the key appears to authorize agent actions against the LTCG API, accidental disclosure could let others impersonate the agent, consume resources, manipulate gameplay, or access associated account functionality.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The agent explicitly records gameplay decisions and sends reasoning, parameters, and timing metadata to the remote /decisions API for training or analysis. Even though this is framed as a feature, users/operators are not warned in-band that behavioral data is being externally retained and analyzed, which creates a privacy and data-governance risk if deployed without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The registration helper prints the newly issued API key directly to stdout, which can expose credentials through terminal history, CI logs, shell session recording, shared consoles, or log aggregation systems. Although intended as a convenience for developers, this creates a real secret-handling weakness because anyone with access to those outputs can reuse the bearer token to control the agent account.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
This guide encourages a bot to make live gameplay decisions and submit actions into ranked/tournament matches, but it does not clearly warn users that these API calls will actively affect real matches and may cause irreversible game-state changes. In this context, automated actions are intentional product behavior, but the lack of an explicit operational warning increases the risk of accidental misuse, testing against production, or unintended disruption of competitive play.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The document uses API keys and webhook secrets in a networked automation workflow but does not provide a clear user-facing warning about credential exposure, secret handling, or the consequences of leaked tokens. While the code uses environment variables rather than hardcoded secrets, operators may still mishandle them in logs, deployments, or shared examples.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide recommends webhook.site for testing without warning that all webhook payloads will be delivered to a third-party request-capture service. Those payloads include game identifiers, usernames, and potentially signatures or other operational metadata, so users may unintentionally disclose data outside their environment.

Ssd 3

Medium
Confidence
93% confidence
Finding
Embedding a live-looking API key in setup examples conditions users and agents to treat secrets as ordinary text to be copied and echoed. In LLM-driven environments, this pattern can propagate secrets into prompts, logs, terminal history, or support conversations.

Ssd 3

Medium
Confidence
94% confidence
Finding
The authentication section includes a literal bearer token in an Authorization header example. This creates a strong copy-paste pattern for secret disclosure and may cause agents to reproduce sensitive headers verbatim in responses or logs.

VirusTotal

60/60 vendors flagged this skill as clean.