MCP Server Setup Kit

Security checks across malware telemetry and agentic risk

Overview

This is a setup guide for connecting an agent to common work tools (GitHub, Notion, Slack, Linear) in a way that keeps sensitive access visible and scoped to that purpose.

Install this only if you intentionally want your agent connected to these services. Use least-privilege tokens, verify MCP packages from official sources, test in sandbox projects or private channels, avoid posting sensitive summaries to broad Slack channels, and revoke tokens or remove config entries when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings
Severity: Medium. Confidence: 95%.
The skill recommends write-capable test actions such as creating content or performing changes in external services, but it does not warn users that these prompts will modify real third-party systems. In a setup workflow, users are primed to follow instructions quickly, so omission of explicit safety guidance increases the chance of unintended writes to production GitHub, Notion, Slack, or Linear environments.

Missing User Warnings
Severity: Medium. Confidence: 98%.
The Slack validation step includes sending a message to #general without warning that this posts to a real channel visible to other users. This can cause accidental spam, reputational issues, or disclosure that an agent is connected and operating in a live workspace.

Missing User Warnings
Severity: Medium. Confidence: 97%.
The Linear test prompt instructs the agent to create a new issue, which modifies live project tracking data, but the skill does not identify this as a write operation or caution against using production teams. This can create noise in issue trackers, trigger automations, and interfere with team workflows.

Missing User Warnings
Severity: Medium. Confidence: 96%.
The cross-tool example aggregates data from Linear, Notion, and GitHub and posts the synthesized result to Slack without warning about cross-system data movement. This is more dangerous than a single write action because it can disclose sensitive operational or internal documentation content to a broader audience in another system.
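The checklist in the overview (pin packages, keep tokens out of the config, test only against sandbox targets) and the four findings above (unwarned writes, posts to #general, cross-system data movement) can all be enforced mechanically before the agent touches a live system. The Python below is an added example, not code from the kit or from SkillSpector. The config layout (`mcpServers` entries with `command`, `args` and `env`), the package names, the tool names and the `input_sources` provenance tags are assumptions chosen for illustration; the sample config is constructed.

```python
"""Static audit of an MCP client config plus a pre-call guard for write tools.

Added example; none of this is the kit's own code. Package and tool names
are hypothetical, and the config below is constructed for illustration.
"""
import json
import re

# Constructed config: one server is pinned and reads its token from the
# environment, the other is unpinned and carries a literal bot token.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "github": {
            "command": "npx",
            "args": ["-y", "@example/github-mcp@1.4.2"],
            "env": {"GITHUB_TOKEN": "${GITHUB_TOKEN}"},
        },
        "slack": {
            "command": "npx",
            "args": ["-y", "@example/slack-mcp"],
            "env": {"SLACK_BOT_TOKEN": "xoxb-000000000000-000000000000-exampleexample"},
        },
    }
})

PINNED = re.compile(r"^(@[^/@]+/)?[^@/]+@[^@]+$")        # name@ver or @scope/name@ver
PLACEHOLDER = re.compile(r"^\$\{?[A-Z_][A-Z0-9_]*\}?$")    # ${VAR} or $VAR, resolved at launch
SECRET_KEY = re.compile(r"(TOKEN|SECRET|KEY|PASSWORD)", re.I)


def audit_config(config_text):
    """Return (server, problem) tuples for the checklist items that can be checked statically:
    unpinned npx/uvx packages and credentials written literally into the config."""
    problems = []
    servers = json.loads(config_text).get("mcpServers", {})
    for name, spec in servers.items():
        if spec.get("command") in ("npx", "uvx"):
            # First non-flag argument is the package spec (e.g. "-y pkg@1.2.3").
            pkg = next((a for a in spec.get("args", []) if not a.startswith("-")), None)
            if pkg is None or not (PINNED.match(pkg) or "==" in pkg):
                problems.append((name, f"unpinned package: {pkg}"))
        for key, value in spec.get("env", {}).items():
            if SECRET_KEY.search(key) and not PLACEHOLDER.match(value):
                problems.append((name, f"literal credential in env {key}"))
    return problems


# Hypothetical write-capable tools and the argument that names their destination.
WRITE_TOOLS = {
    "slack_post_message": "channel",
    "linear_create_issue": "team",
    "notion_create_page": "parent",
    "github_create_issue": "repo",
}


def guard_tool_call(tool, args, approved_targets, input_sources=()):
    """Decide whether a tool call may run unattended.

    approved_targets: destinations the operator designated for testing (a private
    channel, a sandbox team). input_sources: tools whose output fed this call,
    assumed to be tracked by the harness. Returns "allow" or a "confirm: ..." reason
    that must be shown to the user before the write goes through.
    """
    if tool not in WRITE_TOOLS:
        return "allow"                                  # reads do not modify the remote system
    service = tool.split("_")[0]
    foreign = {s.split("_")[0] for s in input_sources} - {service}
    if foreign:
        # Finding 4: content gathered from other systems is about to land in this one.
        return f"confirm: moves data from {','.join(sorted(foreign))} into {service}"
    target = args.get(WRITE_TOOLS[tool])
    if target not in approved_targets:
        # Findings 1-3: a write outside the sandbox, e.g. a post to #general.
        return f"confirm: write to {target!r} is outside the approved test targets"
    return "allow"


if __name__ == "__main__":
    for server, problem in audit_config(SAMPLE_CONFIG):
        print(f"[config] {server}: {problem}")
    print(guard_tool_call("slack_post_message", {"channel": "#general", "text": "hi"},
                          {"#agent-test"}))
```

Run the audit before adding a server entry, and wire `guard_tool_call` in front of the agent's tool dispatcher so that a "confirm" result pauses for an explicit yes. The provenance check deliberately takes precedence over the target check: a summary that aggregates Linear, Notion and GitHub content is worth a confirmation even when it is headed for the sandbox channel.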

VirusTotal

64/64 vendors flagged this skill as clean.
