ClawHub

Dashlane

Security checks across malware telemetry and agentic risk

Overview

This Dashlane CLI skill is purpose-related, but it goes beyond its read-only framing and normalizes risky handling of vault secrets, so users should review it carefully before installing.

Install only if you are comfortable letting an agent consult Dashlane CLI documentation that includes sensitive vault retrieval, secret injection, backup, and master-password persistence. Prefer clipboard or direct consumers over console/JSON output, avoid CI/logged sessions for secrets, do not use exec/inject/backup unless you explicitly request them, and review any command that could write secrets to disk or pass them to another process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill is presented as providing read-only vault access, but the documentation also exposes broader capabilities including backups, configuration changes, secret injection, and command execution. This mismatch increases the chance that an agent or user grants broader trust than intended, leading to secret exfiltration to disk, process environments, or downstream commands.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The documented `dcli exec`, `inject`, and `read` features go beyond simple vault retrieval and enable secrets to be placed into process environments or files, which materially increases exfiltration risk. In an agent skill, these primitives can be chained with other commands to leak credentials or persist them in unsafe locations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Printing passwords, OTPs, or full JSON records to stdout can leak secrets into terminal scrollback, shell history wrappers, CI logs, transcript capture, and monitoring systems. The examples normalize unsafe output of sensitive material without warning, making accidental disclosure more likely.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Documenting `dcli backup` without warning omits that it writes vault contents to disk, potentially creating a durable plaintext or otherwise sensitive artifact outside the vault's normal protections. In agent-driven workflows, this can silently expand the attack surface via filesystem exposure, backups, sync tools, or permissive file permissions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The instructions recommend `DASHLANE_MASTER_PASSWORD` for Linux/Docker workflows, which can expose the master password through process inspection, inherited environments, crash dumps, CI metadata, and container orchestration tooling. Although the text briefly notes it is less secure, it does not adequately warn about the concrete exposure channels or steer users toward safer defaults.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Secret injection into environment variables and templated files can leak credentials into child processes, `/proc` views, debugging tools, logs, and persistent files. The examples present these operations as routine without warning that they materially change the confidentiality boundary of vault secrets.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal