Umami Stats

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed read-only helper for querying Umami analytics with a user-provided API key.

Install only if you want an agent to query your Umami analytics. Use the narrowest API key available, avoid admin-scoped keys unless needed, keep UMAMI_BASE_URL pointed only at Umami Cloud or your trusted self-hosted instance, and ask for explicit website IDs and time ranges when requesting data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding
The skill clearly instructs use of environment variables, shell commands, and outbound API requests, but it does not declare permissions or capability boundaries. This can cause the host agent or user to invoke a networked, credential-bearing skill without clear consent or policy enforcement, increasing the risk of unintended data access or exfiltration.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger phrases are broad and resemble ordinary analytics-related user requests, so an agent may activate this skill implicitly when the user did not intend external API access. In context, that can lead to unannounced transmission of identifiers, website IDs, or analytics queries to Umami and accidental use of privileged environment credentials.

Missing User Warnings

Medium
Confidence: 90%
Finding
The description says the skill uses an environment-provided API key to query Umami but does not clearly disclose that analytics/account data will be transmitted to an external service. Users or calling agents may therefore trigger the skill without understanding that potentially sensitive traffic, attribution, or reporting data leaves the local environment.

VirusTotal

64/64 vendors flagged this skill as clean.
