OpenAlexandria

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but it can guide agents to upload research bundles to an external federated service without clear privacy review or user confirmation.

Review before installing in environments where agents handle private, proprietary, customer, credential-bearing, or regulated material. Use query-only behavior by default, inspect and minimize any JSON bundle before submission, confirm the destination node, and avoid uploading secrets or confidential content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documents use of environment variables, local files, and outbound network access, but does not declare corresponding permissions. That mismatch can cause agents or users to invoke the skill without understanding its actual capability to read secrets, access files, or transmit data to a remote service. In this context, the default remote node and API-key-based submission flow make the undeclared network and env access materially relevant rather than merely theoretical.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly encourages agents to submit research bundles after completing work, but provides no warning about privacy, confidentiality, or data-governance implications. An agent could upload sensitive prompts, internal research, proprietary documents, credentials embedded in artifacts, or regulated data to an external federated node, creating a clear exfiltration risk. The danger is increased by the guidance framing submission as a normal workflow step and by the presence of a default public endpoint.

VirusTotal

66/66 vendors reported this skill as clean.