WeChat Official Account Reading Growth Ranking (微信公众号阅读增长榜)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed ranking-data fetcher that runs a bundled Python script against one external API; the main cautions are its embedded service token and third-party links in the output.

Install only if you are comfortable with the skill running a Python script that calls onetotenvip.com for ranking data. Treat the returned article links and ranking score as third-party data. The publisher should rotate the exposed service token and avoid shipping live credentials in docs or source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to execute a Python script that fetches remote ranking data, which implies network access, yet the skill declares no permissions. This creates a trust and policy gap: users and the platform are not clearly informed that the skill can perform outbound data retrieval, making misuse, unexpected data egress, or unsafe execution harder to govern.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The API spec contains a hard-coded `N-Token` secret directly in documentation, which exposes live authentication material to anyone who can view or redistribute the skill files. Even though the skill is for analytics, embedding a reusable credential is unnecessary for end users and can enable unauthorized API access, quota abuse, impersonation of the skill, or downstream data scraping against the backend service.

Missing User Warnings

High
Confidence
99% confidence
Finding
Publishing a concrete authentication token without any warning, scoping details, or safe handling guidance makes credential misuse highly likely. Because this skill is designed to query a remote ranking API, the exposed token is directly actionable and lowers the barrier for attackers or unauthorized users to call the service outside intended controls.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow explicitly requires the agent to relay script stdout verbatim, and that output includes Markdown links derived from external data. This removes any opportunity to sanitize, review, or warn about untrusted content, creating a content/URL injection risk where users may be exposed to misleading or malicious links presented as trusted output.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script embeds a static N-Token directly in source code and automatically sends it to an external service on every request. Hardcoded secrets are easily leaked through source distribution, logs, screenshots, or repository access, allowing unauthorized reuse of the token and exposing the associated account, quota, or backend API to abuse.

VirusTotal

VirusTotal findings are pending for this skill version.
