Hik-Cloud Device Alarm Capability Management

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Hik-Cloud alarm management helper, with real operational risk because it can change device alarm settings and caches an access token.

Install only if you intend to let this skill manage Hik-Cloud alarm capabilities. Use least-privileged Hik credentials, avoid untrusted custom base URLs, verify deviceSerial/channelId/abilityCode/type/status values before mutating commands, and protect or clear ~/.cache/hik_open/token.json on shared systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly performs sensitive operations—reading environment credentials, writing a token cache file, and making network requests—but does not declare permissions or equivalent user-visible capability boundaries. This weakens policy enforcement and informed consent, making it easier for a broadly invoked skill to access secrets and external services without explicit review.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger description includes broad scenario language such as references to alarm capability, motion detection, occlusion, intrusion, and intelligent detection switching, without tight conditions or authorization checks. In an agent setting, this increases the chance of accidental invocation for ambiguous user requests, which is risky because the skill can change device alarm states.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation states that the skill reads credentials, obtains tokens, caches them, and refreshes them automatically, but it does not clearly warn users about secret handling, token persistence, cache location sensitivity, or operational privacy implications. This can lead to unsafe deployment practices and accidental exposure of long-lived credentials or cached bearer tokens.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill explicitly states that it will automatically obtain, cache, refresh, and retry OAuth tokens without surfacing that authentication behavior to the user. In an agent context, hidden network authentication and automatic credential use can cause unintended external actions, reduce user awareness of when secrets are being used, and make it harder to detect misuse or exfiltration if the base URL or downstream calls are manipulated.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The file enumerates sensitive environment variables, including client credentials and an optional access token override, but provides no handling guidance such as secret storage, redaction, rotation, or prohibitions on exposing them in logs. In a skill ecosystem, this increases the chance that deployers mishandle secrets, and the optional base URL override further raises the risk that valid credentials or bearer tokens could be sent to an attacker-controlled endpoint.

VirusTotal

62/62 vendors flagged this skill as clean.
