Bring Rezepte

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a Bring shopping-list helper, but one script can send Bring authorization headers to any user-supplied content URL, which creates a real account-token leakage risk.

Install only if you are comfortable giving the skill access to your Bring account and shopping lists. Do not use untrusted --content-url values; keep them limited to official Bring API content URLs. Leave BRING_NODE_API_PATH unset unless it points to local code you have reviewed, and provide Bring credentials through secure environment or secret storage rather than exposing them in logs or prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill requires sensitive environment variables (BRING_EMAIL and BRING_PASSWORD) and performs network operations against external services, but does not declare corresponding permissions. This creates a transparency and governance gap: users or platforms may invoke the skill without clear awareness that credentials will be accessed and transmitted to third-party endpoints.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script dynamically requires executable code from BRING_NODE_API_PATH, an environment-controlled path, before falling back to local or package imports. In any environment where an attacker can influence environment variables or invocation context, this enables arbitrary code execution under the privileges of the skill, which is much more dangerous than the recipe/inspiration functionality requires.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill dynamically loads executable code from a path controlled by the BRING_NODE_API_PATH environment variable before falling back to expected local or package sources. In an agent/runtime environment where environment variables can be influenced by deployment, wrappers, or other components, this creates an arbitrary code execution/trust-boundary violation because untrusted code would run with the skill's privileges and access to Bring credentials.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reference instructs use of account credentials and authenticated endpoints that can modify a user's Bring! shopping list, but it does not require explicit user consent, warn about account-side changes, or describe safe handling of email/password and tokens. In an agent skill context, this creates a real risk of unintended list modification and over-collection or mishandling of sensitive authentication material.

Natural-Language Policy Violations

Low
Confidence
80% confidence
Finding
Hard-coding the country header to DE can cause requests to be made with an incorrect locale, which may misrepresent the user's region and lead to privacy or account-behavior mismatches. While not severe on its own, it is a genuine security/privacy weakness because it silently overrides user context instead of deriving locale from user choice or account settings.

VirusTotal

66/66 vendors flagged this skill as clean.
