Stack Exchange

Security checks across malware telemetry and agentic risk

Overview

This Stack Exchange skill is mostly coherent, but it enables OAuth-backed private account access and token-inspection tools while presenting read operations as safe and confirmation-free.

Install only if you trust ClawLink with your Stack Exchange OAuth connection. Treat the authenticated tools as able to read private, account-adjacent data (inbox, notifications, achievements, and possibly token metadata), and do not let automated agents call token or private-account tools without explicit user intent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding
The security section claims all tools are read-only or only create safe filters, but the catalog also exposes `stack_exchange_get_access_tokens`, which can inspect OAuth access tokens. Even if the tool is nominally read-only, token inspection is sensitive: it can reveal token metadata, scopes, or other authentication details, and the "read-only" framing may lead operators or downstream agents to treat the integration as universally safe when it is not.
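The check behind this finding, and the per-tool gating the overview recommends, can be reproduced against a tool catalog. The following is an added example, not ClawLink's or SkillSpector's code: it audits a catalog against the claim "all tools are read-only or only create safe filters" and derives an agent policy in which token-, credential- and private-account tools always require explicit user intent. The catalog is constructed for this example; only `stack_exchange_get_access_tokens` is named on the page, the other tool names are assumptions, and the `readOnlyHint` field follows the MCP tool-annotation convention.

```python
import re

# Constructed sample catalog (not the skill's real manifest). Only
# stack_exchange_get_access_tokens appears on the page; the other names,
# descriptions and annotations are assumptions used to exercise the check.
SAMPLE_CATALOG = [
    {"name": "stack_exchange_search",
     "description": "Search public questions and answers",
     "annotations": {"readOnlyHint": True}},
    {"name": "stack_exchange_create_filter",
     "description": "Create a field filter for later queries",
     "annotations": {"readOnlyHint": False}},
    {"name": "stack_exchange_get_inbox",
     "description": "Read the authenticated user's inbox",
     "annotations": {"readOnlyHint": True}},
    {"name": "stack_exchange_get_access_tokens",
     "description": "Inspect OAuth access tokens",
     "annotations": {"readOnlyHint": True}},
]

# Name/description patterns that make a tool sensitive regardless of its
# read-only annotation: authentication material, and private account data.
SENSITIVE = re.compile(r"token|credential|secret|password|api_?key", re.I)
PRIVATE = re.compile(r"inbox|notification|achievement|private", re.I)
# The one non-read-only operation the security section admits to.
FILTER_CREATE = re.compile(r"create_filter", re.I)


def _is_read_only(tool: dict) -> bool:
    annotations = tool.get("annotations") or {}
    return annotations.get("readOnlyHint") is True


def classify_tool(tool: dict) -> str:
    """'auto' if an agent may call the tool without confirmation,
    'manual' if explicit user intent is required first."""
    text = f"{tool['name']} {tool.get('description', '')}"
    if SENSITIVE.search(text):
        return "manual"          # token/credential inspection is never auto-safe
    if PRIVATE.search(text):
        return "manual"          # private account-adjacent data
    if not _is_read_only(tool):
        return "manual"          # any write, even a "safe" filter
    return "auto"


def audit_read_only_claim(catalog: list) -> list:
    """Compare the catalog with the claim 'all tools are read-only or only
    create safe filters'. Returns (tool_name, reason) per contradiction."""
    findings = []
    for tool in catalog:
        name = tool["name"]
        text = f"{name} {tool.get('description', '')}"
        if not _is_read_only(tool) and not FILTER_CREATE.search(name):
            findings.append((name, "not marked read-only and not a filter-creation tool"))
        elif SENSITIVE.search(text):
            # Nominally read-only, but exposes authentication details:
            # this is the intent-code divergence reported above.
            findings.append((name, "read-only but exposes token/credential data"))
    return findings


def build_policy(catalog: list) -> dict:
    """Map each tool name to 'auto' or 'manual' for an agent's tool gate."""
    return {tool["name"]: classify_tool(tool) for tool in catalog}


if __name__ == "__main__":
    for name, reason in audit_read_only_claim(SAMPLE_CATALOG):
        print(f"DIVERGENCE {name}: {reason}")
    for name, decision in build_policy(SAMPLE_CATALOG).items():
        print(f"{decision:6} {name}")
```

The policy is deliberately name- and description-driven in addition to annotation-driven, because the finding shows that a `readOnlyHint` alone does not capture sensitivity: a token-inspection tool is read-only by the annotation's definition and still must not be auto-approved.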

VirusTotal

VirusTotal findings are pending for this skill version.
