Gangtise Kb

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Gangtise API integration, but it handles real credentials in ways that can expose them and weakens HTTPS protections for authentication and queries.

Review before installing. Remove the bundled credentials, use only your own scoped Gangtise keys, re-enable normal TLS certificate validation, avoid passing tokens on the command line, and avoid sending sensitive portfolio or proprietary research queries until those issues are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation describes capabilities to read/write local configuration files, execute shell commands, and make network requests, but it does not declare any permissions or constraints for those actions. This creates a trust and transparency gap: an agent or reviewer cannot easily understand the skill's operational scope, and the combination of filesystem, shell, and network access increases the blast radius if the skill is misused or implemented unsafely.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code explicitly disables both TLS certificate validation and hostname verification before sending the access key and secret key to the remote login endpoint. This allows a man-in-the-middle attacker to impersonate the API server, intercept credentials, and return a forged token or response, which is especially dangerous because this helper is specifically used to obtain authentication material.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The code explicitly creates an unverified SSL context and uses it for both authentication and data-query requests, which disables certificate validation and enables man-in-the-middle interception of API traffic. Because this traffic includes API credentials and access tokens, an active network attacker could steal secrets, tamper with responses, or impersonate the remote service.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
User-supplied parameters are serialized to a temporary file on disk, which can expose sensitive prompts, identifiers, or proprietary financial queries to other local users, backups, endpoint tooling, or crash artifacts. Because delete=False is used, failures before cleanup can leave recoverable residual data behind.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script reads the secret key using standard input with terminal echo enabled, so the credential is visible on screen while typed and may be exposed to shoulder-surfing, screen recording, terminal logging, or shared-session capture. Because this script is specifically used to provision API credentials for a financial/market knowledge-base skill, exposing the secret during setup creates a real credential-compromise risk rather than a purely cosmetic issue.

Missing User Warnings

High
Confidence
99% confidence
Finding
The function transmits long-lived credentials over HTTPS while explicitly disabling certificate and hostname verification, so the apparent use of HTTPS does not provide authentic server identity. An attacker on the network path could capture the submitted access credentials and compromise the associated Gangtise account or API usage.

Credential Access

High
Category
Privilege Escalation
Content
def get_access_token():
    """Authenticate and get access token."""
    import urllib.request
    import urllib.error
    import ssl
Confidence
99% confidence
Finding
access token

Credential Access

High
Category
Privilege Escalation
Content
parser.add_argument('--top', type=int, default=5, help='Number of results per query (default: 5, max: 20)')
parser.add_argument('--days', type=int, default=365, help='Search days back (default: 365)')
parser.add_argument('--json', action='store_true', help='Output raw JSON')
parser.add_argument('--token', help='Access token (optional)')

args = parser.parse_args()
Confidence
97% confidence
Finding
Access token

VirusTotal

64/64 vendors flagged this skill as clean.
