User-Delegated OAuth API Access

Security checks across malware telemetry and agentic risk

Overview

This OAuth skill is coherent, but it needs review because it can expose reusable third-party account tokens to agents and gives mixed guidance about token output handling.

Install only if you intentionally want agents to request and claim OAuth access for third-party accounts. Use a pinned, reviewed `clawauth` CLI in a trusted runtime, grant minimal OAuth scopes, prevent command output from being logged or shown in chat, and confirm how stored tokens can be revoked or removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The documentation states the skill avoids commands that materialize raw tokens, but earlier it explicitly documents `clawauth login claim <sessionId> --json` as returning a token payload in command output. In an agent setting, stdout is commonly logged, relayed to orchestration layers, or exposed to subsequent tool steps, so this inconsistency can cause accidental credential disclosure and misuse of third-party API access.

VirusTotal

64/64 vendors flagged this skill as clean.
