LinkSKILL

Security checks across malware telemetry and agentic risk

Overview

LinkSKILL matches its API-integration purpose, but it handles enterprise credentials and authenticated requests in ways users should review carefully before installing.

Install only if you are comfortable reviewing and controlling each API target yourself. Use least-privilege, non-production credentials where possible, avoid combining a platform config with arbitrary full URLs, do not run token-output commands in logged environments, and delete scripts/.token_cache.json after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and operationally requires network access, shell execution, and local file read/write for token and Swagger caching, but it does not declare permissions or boundaries for those capabilities. In an agent environment, undeclared powerful capabilities reduce oversight and can enable unintended outbound requests, local secret exposure, or filesystem modification beyond what a user expects.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script prints cached bearer tokens directly to stdout and also supports a show-cache mode that dumps stored credentials. In CLI, agent, and CI environments, stdout is commonly captured in logs, transcripts, or orchestration systems, so this behavior can expose reusable secrets to unintended parties far beyond the local terminal session.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Describing the skill as a universal API integration mechanism for 'any platform' creates an overly broad operational scope with no clear trigger constraints, trust boundaries, or allowed targets. That makes it easier for an agent to invoke the skill in unintended contexts, including sensitive internal systems, and increases the chance of SSRF-like behavior, unauthorized integrations, or risky actions against arbitrary APIs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents credential-based authentication, token retrieval, local token caching, and arbitrary HTTP request execution without warning about secret handling, sensitive data exposure, destructive API operations, or logging/privacy risks. In context, this is especially dangerous because the skill is designed to connect to enterprise platforms, where cached tokens and live requests may grant broad access to production or internal systems.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The token cache is written to a local JSON file in the script directory with no permission hardening, encryption, or user notice. On multi-user systems, shared workspaces, containers, or backups, plaintext credential caches can be recovered by other users or processes and reused for unauthorized API access.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
When a cached token is reused, the script prints the full token to stdout. This creates a direct secret disclosure path to terminal scrollback, shell history wrappers, agent logs, CI logs, and any parent process capturing stdout, enabling token theft and replay.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The --show-cache option dumps the full cache structure, including stored tokens, to stdout without safeguards. In an enterprise API-integration skill, this materially increases the chance of credential exposure because operators may invoke diagnostic modes in shared terminals, support sessions, or automated pipelines.

VirusTotal

65/65 vendors flagged this skill as clean.
