Pura

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Pura LLM routing integration, with expected remote API, credential, reporting, and wallet-related operations for that service.

Install only if you are comfortable routing agent prompts through Pura and potentially downstream providers such as Groq, Gemini, OpenAI, or Anthropic. Treat PURA_API_KEY as a real credential, avoid sharing setup or verify output, and review wallet or report commands before running them because they access billing or funding-related account functions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documents shell-based capabilities and network interactions but does not declare corresponding permissions. In a plugin/skill ecosystem, undeclared capabilities reduce transparency and can cause operators to install a skill without understanding that it will make outbound requests and use shell commands, increasing supply-chain and data-exfiltration risk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill claims to be a simple cost-optimization router, but the documented behavior also includes account management, reporting, wallet funding, and direct remote API interactions. This mismatch is dangerous because users may authorize the skill under a narrower trust assumption while it also exposes billing/account operations and sends prompts to a third-party service.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill encourages routing prompts through Pura and, by design, onward to multiple downstream model providers, but it does not prominently warn that prompt content, metadata, and possibly sensitive conversation context leave the local agent boundary. In an agent environment, this can expose secrets, internal data, or regulated information to additional third parties without informed consent.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The examples show creating and exporting an API key and using it in authenticated requests, but they do not include basic credential-handling guidance. This can lead users to paste secrets into logs, shell history, screenshots, or shared environments, making credential leakage more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script automatically creates an API key and performs outbound requests to a third-party gateway without any explicit user confirmation or warning about network transmission. In a verification script this behavior may be expected, but it still creates risk because running the script can provision credentials and send data externally with minimal user awareness.

External Transmission

Medium
Category
Data Exfiltration
Content
# 1. Ensure we have an API key
if [[ -z "${PURA_API_KEY:-}" ]]; then
  echo "No PURA_API_KEY set. Generating one..."
  RESPONSE=$(curl -s -X POST "${GATEWAY_URL}/api/keys" \
    -H "Content-Type: application/json" \
    -d '{"label":"openclaw-verify"}')
Confidence
91% confidence
Finding
curl -s -X POST "${GATEWAY_URL}/api/keys" -H "Content-Type: application/json" -d

External Transmission

Medium
Category
Data Exfiltration
Content
# 3. Send a real inference request
echo ""
echo "Sending inference request..."
RESPONSE=$(curl -s -w "\n%{http_code}" -X POST "${GATEWAY_URL}/v1/chat/completions" \
  -H "Authorization: Bearer $PURA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"messages":[{"role":"user","content":"Reply with exactly: pong"}],"stream":false}')
Confidence
93% confidence
Finding
curl -s -w "\n%{http_code}" -X POST "${GATEWAY_URL}/v1/chat/completions" -H "Authorization: Bearer $PURA_API_KEY" -H "Content-Type: application/json" -d

VirusTotal

61/61 vendors flagged this skill as clean.