Keys

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent key broker, but it needs review: its documentation can expose stored secrets, and its broker gives agents broad, authenticated access to sensitive provider APIs.

Review carefully before installing. Use restricted or read-only API keys where possible; avoid high-privilege Stripe or GitHub tokens unless they are actually needed; require manual confirmation before any mutating API call; and do not run verification commands that print secrets in an agent-visible terminal.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 80%
Finding: The skill declares shell-capable tooling in metadata but does not declare explicit permissions, creating a mismatch between what the skill can do and what a reviewer or enforcement layer may expect. In a security-sensitive skill that brokers authenticated network calls, undeclared execution capability reduces transparency and can enable command execution paths without adequate policy gating.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding: The verification section explicitly tells users to run commands that print the stored secret value to stdout. That directly contradicts the skill's claim that keys are never exposed to agent context; in an agent-assisted workflow the output can be captured in chat history, logs, terminal recordings, or other telemetry.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding: Although the document says never to ask users to paste keys in chat, the macOS examples require placing the API key directly on the command line as -w "THE-API-KEY". Command-line arguments are exposed through shell history, process listings, screen sharing, and copy/paste into agent-visible channels, undermining secure key handling.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The verification commands print the stored key, but the documentation does not warn users that this reveals the secret in the terminal. For an agent skill marketed as keeping keys out of agent context, omitting that warning materially increases the chance that users expose credentials while following the instructions.

VirusTotal

63/63 vendors flagged this skill as clean.
