Wallabag

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it contains a shell-script flaw that can run unintended local commands from crafted bookmark/search/tag text.

Install only if you trust the publisher or can patch `scripts/wallabag.sh` to remove eval-based argument construction. Use a trusted HTTPS Wallabag instance, prefer a dedicated low-privilege Wallabag account, avoid `auth --show-token` in logged sessions, and require clear user confirmation before delete operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares shell-based execution but does not declare corresponding permissions, creating a transparency and policy-enforcement gap. That can let a caller invoke command execution against local tooling and networked APIs without an explicit permission boundary, increasing the chance of unintended command or data access.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The `auth` subcommand can print the full OAuth token response, including the access token, when invoked with `--show-token`. In an agent or automation context, stdout is commonly logged, surfaced to users, or captured by orchestration systems, so this creates a real secret-exposure path even though it may be intended for debugging.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill exposes a destructive `delete` operation but does not require explicit confirmation or a warning before removal. In an agent setting, ambiguous prompts, prompt injection, or user misunderstanding could cause irreversible bookmark deletion with little friction.

VirusTotal

66/66 vendors flagged this skill as clean.
