Connectors Available

Security checks across malware telemetry and agentic risk

Overview

The skill does the connector lookup it promises, but its helper scripts handle user input and local credential files unsafely enough to require review before installation.

Install only if you are comfortable reviewing and running local shell scripts. Do not pass untrusted token or data-file values, avoid admin/admin credentials, keep the Hummingbot API bound to a trusted local interface, and avoid running this version in directories with sensitive .env files until the scripts safely parse explicit settings instead of sourcing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script automatically sources local .env files and exports all variables into the environment, which is more powerful than simply reading a few configuration values. In shell, source executes file contents as code, so a malicious or tampered .env can run arbitrary commands and expose secrets when the script is invoked.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script unnecessarily sources local .env files and imports all variables into its environment before performing a simple connector availability check. This expands the script's access to credentials and configuration beyond its stated purpose, and using shell 'source' on .env content is especially risky because it executes shell syntax rather than safely parsing key/value pairs.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The documentation states that connector test results are saved to `data/trading_rules.json` without warning the user that a local write will occur. While the data appears operational rather than highly sensitive, undisclosed file writes can surprise users, overwrite prior data, or persist exchange availability information longer than expected.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documentation exposes default API credentials (`admin/admin`) and instructs use of environment variables and `.env` discovery without any warning about credential hygiene. Even if intended for local development, normalized default credentials and casual handling guidance can lead to insecure deployments, credential reuse, or accidental leakage through logs, shells, and checked-in `.env` files.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The default API URL uses plain HTTP and the script sends Basic Auth credentials with curl, which can expose usernames and passwords to local network observers, proxies, or misconfigured remote endpoints. The presence of default admin/admin credentials makes this especially risky if the service is ever reachable beyond localhost or if users copy the pattern into non-local deployments.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script silently loads credential-bearing environment files from common locations without notifying the user. In a skill context, this is dangerous because users may invoke a seemingly harmless availability check without realizing local secrets will be consumed and made available to the process.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script sends HTTP basic-auth credentials in a network request without any visible warning to the user. Because the default API URL is plain HTTP to localhost and can be overridden, users may unknowingly transmit credentials to an unintended or non-TLS endpoint.

Credential Access

High
Category
Privilege Escalation
Content
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Load .env if present
for f in hummingbot-api/.env ~/.hummingbot/.env .env; do
    if [ -f "$f" ]; then
        set -a; source "$f"; set +a
Confidence
96% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Load .env if present
for f in hummingbot-api/.env ~/.hummingbot/.env .env; do
    if [ -f "$f" ]; then
        set -a; source "$f"; set +a
        break
Confidence
96% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Test if a connector is accessible from current location
# Usage: ./test_connector.sh --connector <name> [--timeout 10]

# Load .env if present
for f in hummingbot-api/.env ~/.hummingbot/.env .env; do
    if [ -f "$f" ]; then
        set -a; source "$f"; set +a
Confidence
84% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Usage: ./test_connector.sh --connector <name> [--timeout 10]

# Load .env if present
for f in hummingbot-api/.env ~/.hummingbot/.env .env; do
    if [ -f "$f" ]; then
        set -a; source "$f"; set +a
        break
Confidence
79% confidence
Finding
.env

VirusTotal

66/66 vendors flagged this skill as clean.
