ClawHub

Short.io

Security checks across malware telemetry and agentic risk

Overview

This Short.io skill mostly matches its purpose, but it has a URL-handling bug that can run local code and it can delete or archive links without confirmation.

Review before installing. Use only with a revocable Short.io API key, verify link IDs before delete or archive, require explicit human confirmation for destructive actions, keep the secrets file private, and avoid the find command with untrusted URLs until the URL encoding bug is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly instructs use of shell commands and outbound network access to the Short.io API, yet the file does not declare corresponding permissions. Undeclared capabilities reduce transparency and can bypass policy or review expectations, especially because the skill also handles a secret API key and performs live link-management actions.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill documents a direct delete workflow for links without advising confirmation, dry-run behavior, or user approval before destructive actions. In an agent setting, this increases the risk of accidental or unauthorized deletion of production short links, causing service disruption or loss of tracking/history.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The archive command performs a state-changing API request immediately, without a confirmation prompt, dry-run mode, or other safeguard. In an agent skill context, this raises the risk of unintended modifications to production links through user misunderstanding, prompt ambiguity, or accidental invocation.

VirusTotal

No VirusTotal findings

View on VirusTotal