Security audit

NocoDB API

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed NocoDB API wrapper with powerful database and admin actions, but I found no hidden execution, unrelated data access, or deceptive behavior.

Install only if you want an agent to operate NocoDB using your API token. Use a dedicated least-privilege token, verify NOCODB_URL, avoid broad production/admin tokens unless needed, do not print or share the token, and require explicit approval before deletes, bulk updates, schema changes, member/team changes, script actions, token actions, or file uploads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 83%
Finding: The description understates the breadth of privileged operations exposed by the skill. In addition to ordinary record access, it documents administrative actions such as member management, team management, script management, and API token creation/deletion, which can materially expand the attack surface and mislead users or automated approval systems into granting broader access than intended.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding: The skill includes token:list, token:create, and token:delete operations that materially expand its authority beyond the stated purpose of data/schema interaction. Token administration can create or revoke credentials and therefore change long-term access boundaries, making misuse or prompt-induced execution much more dangerous than ordinary record operations.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding: The skill exposes team and membership administration despite the description focusing on database/data operations. These commands can alter workspace access control and permissions, so an agent using this skill may unexpectedly add, update, or remove principals from teams without the user understanding that identity administration is in scope.

Description-Behavior Mismatch

Severity: Medium
Confidence: 81%
Finding: Script management capabilities are not described in the manifest, creating a capability mismatch that can surprise users and downstream policy systems. Because scripts may contain automation logic or sensitive business behavior, the ability to create, update, or delete them broadens the operational impact beyond simple database CRUD.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill documents destructive operations such as delete/update of workspaces, bases, tables, fields, views, records, filters, sorts, scripts, teams, and tokens without any cautionary guidance. In an agentic context, omission of warnings increases the risk of accidental destructive actions, especially because the skill supports both data-plane and control-plane changes on a live system.

Missing User Warnings

Severity: Low
Confidence: 72%
Finding: The setup section instructs users to export and handle an API token but provides no privacy or secret-handling guidance. While common in CLI docs, this can still lead to token exposure through shell history, shared terminals, screenshots, or insecure environment management.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The troubleshooting section explicitly tells users to print the API token with `echo $NOCODB_TOKEN`, which can disclose credentials into terminal scrollback, screen recordings, logs, or shared support transcripts. Because this token authenticates privileged API access, disclosure can enable unauthorized read, write, schema, or administrative actions depending on its scope.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The CLI exposes many destructive actions such as delete operations for workspaces, bases, tables, fields, views, records, scripts, teams, and tokens with no confirmation or dry-run mechanism. In an agent setting, this increases the risk of accidental or prompt-induced irreversible modification or deletion of production data and access artifacts.

Missing User Warnings

Severity: Medium
Confidence: 76%
Finding: The attachment upload command transmits a local file to the remote NocoDB service without any user-visible warning or confirmation at execution time. In an agent context, that creates a real risk of unintended exfiltration of sensitive local files if a path is supplied through prompt manipulation or user misunderstanding.

VirusTotal

64/64 vendors flagged this skill as clean.