Back to plugin

Security audit

Hushh One MCP

Security checks across malware telemetry and agentic risk

Overview

This bundle coherently adds a Hushh MCP bridge for consented PKM access, with clear consent and scope limits.

Install this only if you intend to connect OpenClaw to Hussh One PKM data. Keep `HUSHH_DEVELOPER_TOKEN` in your local secret or environment mechanism, review the npm package trust/update posture for `@hushh/mcp`, and only request narrow scopes for clear user-approved purposes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

External Transmission

Medium
Category
Data Exfiltration
Content
## References

- Hussh developer workspace: `https://uat.one.hushh.ai/developers`
- Hosted MCP endpoint: `https://api.uat.hushh.ai/mcp/`
- npm bridge package: `@hushh/mcp`
Confidence
50% confidence
Finding
https://api.uat.hushh.ai/

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
4. If the request is pending, poll `hushh-one__check_consent_status` with the returned `request_ref` at the returned interval.
5. After consent is granted, call `hushh-one__get_encrypted_scoped_export` with the returned `grant_ref` and the original `expected_scope`.

The user approves or denies consent in the first-party Hussh One/Kai app. Do not ask the user for an approval link, do not impersonate the user, and do not bypass consent polling.

## Scope Rules
Confidence
85% confidence
Finding
bypass consent

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
5. Store it locally as `HUSHH_DEVELOPER_TOKEN`.
6. Restart the OpenClaw gateway after changing environment variables.

Never ask the user to paste the token into chat. Never put a developer token in a URL, prompt, file committed to git, or tool argument unless the local OpenClaw secret/env mechanism requires it.

## Consent Flow
Confidence
80% confidence
Finding
Never ask the user

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
4. If the request is pending, poll `hushh-one__check_consent_status` with the returned `request_ref` at the returned interval.
5. After consent is granted, call `hushh-one__get_encrypted_scoped_export` with the returned `grant_ref` and the original `expected_scope`.

The user approves or denies consent in the first-party Hussh One/Kai app. Do not ask the user for an approval link, do not impersonate the user, and do not bypass consent polling.

## Scope Rules
Confidence
80% confidence
Finding
Do not ask the user

VirusTotal

64/64 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.