Octolens

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Octolens API helper, but users should handle the Octolens API key and exported results carefully.

Install only if you intend to query Octolens and trust the publisher with your Octolens account data. Use a least-privileged or read-only API key, avoid pasting real keys into command-line arguments when possible, do not commit exported results, and avoid running the optional remote sudo Node installer unless you already trust that source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The documentation instructs use of bundled Node.js scripts even though the manifest allows only 'Node Read', which suggests read-only access rather than code execution. This inconsistency can mislead operators about what the skill will do and may encourage unsafe execution paths outside the approved tool policy.

Intent-Code Divergence

Low
Confidence: 88%
Finding
The skill says to ask for an API key, but its examples normalize passing the secret directly on the command line. Command-line arguments are often exposed through shell history, audit logs, and process listings, so this guidance weakens credential hygiene even if the surrounding intent is legitimate API use.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to collect and use a bearer token for outbound API requests without any guidance on secret minimization, retention, redaction, or user privacy. In a skill context, this increases the chance that sensitive credentials are handled insecurely or reused beyond the user's expectations.

Missing User Warnings

Medium
Confidence: 97%
Finding
The example commands pass the API key directly as a shell argument, which can expose the credential in shell history, terminal scrollback, telemetry, and process inspection by other local users or tools. Because the skill repeatedly promotes this pattern, it materially increases the likelihood of accidental secret disclosure.

Missing User Warnings

Medium
Confidence: 97%
Finding
The README repeatedly instructs users to pass the Octolens API key as a positional command-line argument. Command-line secrets can be exposed via shell history, process listings, audit logs, and screenshots, which can leak credentials to other local users or monitoring systems. In this skill context, the risk is real because the scripts are specifically built around authenticated API access and the examples normalize unsafe secret handling.

Missing User Warnings

Low
Confidence: 88%
Finding
The README encourages piping API responses to files without warning that the returned data may contain sensitive organizational intelligence, mentions, or internal analysis artifacts. Saving such output to disk can create unintended data retention, broaden access through weak file permissions, and increase the chance of accidental commit or sharing. The context makes this somewhat more relevant because social-monitoring results may contain business-sensitive monitoring data even if not strictly secret credentials.

VirusTotal

65/65 vendors flagged this skill as clean.