Stashdog

Security checks across malware telemetry and agentic risk

Overview

StashDog is a disclosed MCP connector for an inventory service, with normal cautions around OAuth access, remote data changes, unpinned npx use, and deletion.

Install only if you trust the StashDog MCP endpoint and intend to grant OAuth access to that inventory account. Review item IDs before edit or delete actions, and consider pinning or vetting `mcp-remote` instead of relying on the unpinned `npx -y` command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Description-Behavior Mismatch

Medium (94% confidence)
Finding
The manifest says the skill supports only listing, searching, and adding items, but the documented MCP server also exposes get, edit, and delete operations. This mismatch can mislead users or downstream agents into invoking a skill whose description understates its read, write, and destructive capabilities, increasing the chance of unintended modification or deletion of inventory data.

Vague Triggers

Medium (83% confidence)
Finding
The skill description broadly presents the skill as a general way to connect to the StashDog MCP server and perform common actions, without clear boundaries on when it is appropriate to invoke it. Overly broad invocation guidance can cause an agent to use external authenticated tools in situations where the user did not intend inventory access or modification.

Missing User Warnings

Medium (92% confidence)
Finding
The documented tool list includes delete_item, but the skill does not warn users or agents that it is a destructive operation. Without prominent warnings and confirmation requirements, an agent may treat deletion as a routine action, risking irreversible loss of inventory records.

VirusTotal

65/65 vendors flagged this skill as clean.
