Mqtt Client

Security checks across malware telemetry and agentic risk

Overview

This MQTT client is functional, but it can listen to and print all broker topics even though users are told to expect a specified queue.

Review before installing. Use only least-privilege MQTT credentials, assume this version may subscribe to and print all topics visible to that account, inspect any .env file before running bootstrap.sh, and prefer a version that honors MQTT_TOPIC and avoids logging payloads by default.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill declares no permissions in its manifest text, yet it explicitly relies on environment-loaded connection details, which creates a transparency gap about access to sensitive data. In a skill that starts a background network client, undeclared env usage can hide credential access and make operators underestimate the trust they are granting.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 97%
Finding
The documented behavior says this is a simple MQTT client, but the detected behavior indicates a persistent background process that authenticates with environment credentials, subscribes broadly, and logs received message contents. That mismatch is dangerous because it can turn a seemingly narrow connectivity helper into a passive data collection mechanism spanning all broker traffic accessible to the account.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The implementation materially exceeds the stated purpose of a simple MQTT client by subscribing to the wildcard topic '#' and logging every received payload. In practice this makes the skill a broad listener that can collect potentially sensitive traffic from the broker, creating confidentiality and privacy risk if deployed in shared or production MQTT environments.

Vague Triggers

Medium
Confidence: 80%
Finding
The wording around setup and operation is underspecified and implies the user can run bootstrap with no further details, even though the skill establishes an ongoing broker connection and tracks messages. Vague activation language increases the chance of unreviewed execution of a long-lived networked process with access to potentially sensitive broker traffic.

Missing User Warnings

High
Confidence: 95%
Finding
The markdown omits a clear warning that the skill connects to MQTT in the background and continuously tracks messages, which can expose sensitive operational or personal data carried over broker topics. Because the process is persistent and network-facing, lack of disclosure materially increases the risk of silent monitoring and accidental deployment in environments with confidential message streams.

Missing User Warnings

Medium
Confidence: 98%
Finding
The on_message handler logs the decoded payload of every received MQTT message, which can expose credentials, tokens, personal data, device telemetry, or operational secrets to log sinks and operators. Because the client also subscribes broadly, this behavior amplifies the amount and sensitivity of data that may be disclosed.

VirusTotal

65/65 vendors flagged this skill as clean.
