Mercado Público ChileCompra

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly purpose-aligned, but optional API caching can persist the Mercado Público API ticket locally and the skill involves sensitive supplier-portal and OTP access.

Install only if you are comfortable letting an agent assist inside a ChileCompra supplier account. Keep API caching disabled unless the cache is patched to redact the ticket, clear any generated api-cache files after use, prefer manual OTP or a dedicated narrowly scoped mailbox, and require explicit confirmation for every bid, quotation, order, cancellation, complaint, or payment-related change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill advertises access to sensitive capabilities through metadata and operational instructions: environment secret use (`MERCADO_PUBLICO_API_TICKET`), file reads of local references, network access to public and authenticated portal endpoints, and likely file writes via scripts/cache behavior, yet it does not declare explicit permissions. That mismatch weakens platform governance and user awareness, making it easier for a skill operating against a real authenticated procurement portal to access secrets or perform unintended actions without clear consent boundaries.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The document instructs users to grant the agent access to an inbox so it can read ClaveÚnica OTP emails, but it does not clearly frame mailbox access as a high-sensitivity permission or constrain the scope of access to the minimum necessary. Even though it says access must be explicit and user-validated, normalizing inbox-reading for OTP retrieval can expose unrelated email contents, broaden account compromise risk, and weaken the security boundary intended by multi-factor authentication.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
When caching is enabled, the code stores a normalized request URL alongside the payload, and that URL includes the API ticket as a query parameter. This creates a local secret-at-rest exposure: anyone with access to the cache files, backups, logs, or shared workspace can recover the credential and reuse it against the Mercado Público API.

VirusTotal

64/64 vendors flagged this skill as clean.
