Gusnais Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Gusnais API skill, but it asks for OAuth secrets and can store long-lived tokens in local JSON while enabling account write/delete/publish actions.

Install only if you are comfortable granting this skill Gusnais account access. Use a dedicated OAuth client if possible, provide secrets through environment variables or a secret manager, keep TOKEN_STORE_PATH outside repos and synced folders, restrict file access, and review every publish, update, or delete action before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs users to provide a CLIENT_SECRET but gives no handling guidance, despite this being a sensitive OAuth client credential. In agent ecosystems, such secrets may be logged, echoed in prompts, stored in chat history, or reused insecurely, enabling unauthorized token exchange or impersonation of the OAuth client.

Missing User Warnings

High
Confidence: 97%
Finding
The skill recommends persisting refreshable OAuth tokens to JSON for long-lived automation without any requirement for encryption, access control, or secure location management. Refresh tokens are high-value credentials; if that JSON file is readable by other users, processes, backups, or repos, an attacker can obtain durable API access and act as the user until revoked.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script writes a token store containing the OAuth client_secret, access token, and refresh token to disk whenever TOKEN_STORE_PATH is set, with no interactive warning, confirmation, or safer default storage mechanism. Although the file mode is restricted to 0600, local compromise, accidental backup/sync exposure, or unsafe path selection could disclose long-lived credentials that enable API access and token refresh.

VirusTotal

65/65 vendors flagged this skill as clean.
