MCP Business Integration

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only MCP integration guide; its sensitive examples are relevant to the topic but should be treated as illustrative, not production-ready security guidance.

Install this as a guide, not as a hardened MCP server. If you copy its snippets into real systems, add least-privilege credentials, explicit approval for writes or business-impacting actions, file path restrictions, input validation, audit controls, redacted logging, and clear rules for caching or retaining business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger description includes broad phrases such as "business data" and "agent integration," which can cause the skill to be invoked in many unrelated contexts. Because this skill discusses database, file, API, and write capabilities, overbroad activation increases the chance an agent routes sensitive tasks here without sufficient user intent verification.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill describes querying databases/APIs, accessing files, executing tools, and maintaining context across sessions, but does not warn about privacy, authorization, data sensitivity, or side effects. In a skill meant to connect agents to business systems, omission of these warnings can normalize unsafe use of powerful capabilities and lead to accidental exposure or modification of sensitive enterprise data.

VirusTotal

66/66 vendors flagged this skill as clean.
