swagger-skills

Security checks across malware telemetry and agentic risk

Overview

This Swagger/OpenAPI generator is mostly purpose-aligned, but it needs review because it can auto-install Python packages and can persist documentation login credentials into generated configs.

Install and run this only in a controlled Python virtual environment. Review config/sources.json before use, avoid placing real documentation credentials there unless you accept that they may be copied into generated config/domains.json, and inspect generated API clients before letting an agent use them for create, update, delete, or other live backend operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    print(f"检测到依赖缺失,正在根据 {requirements_path} 安装依赖。")

    try:
        subprocess.check_call(command, env={**os.environ, "PIP_DISABLE_PIP_VERSION_CHECK": "1"})
    except subprocess.CalledProcessError as exc:
        raise RuntimeError(
            "依赖自动安装失败。常见原因是全局 Python 环境被 PEP 668 管理、pip 不可用、"
Confidence
83% confidence
Finding
subprocess.check_call(command, env={**os.environ, "PIP_DISABLE_PIP_VERSION_CHECK": "1"})

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill describes capabilities to read environment/configuration, read and write files, access the network, and invoke shell commands, yet it does not declare any permissions or constraints. This creates a transparency and least-privilege problem: users or orchestrators may authorize or execute the skill without understanding that it can fetch remote content, write generated artifacts outside its directory, and potentially expose sensitive data from local config or environment.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The generator copies documentation authentication credentials from source/default config into generated runtime config (`config/domains.json`), including username and password fields. This persists secrets into output artifacts that may be committed, shared, or exposed to downstream users of the generated skill, turning build-time doc access credentials into stored plaintext secrets.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The module bootstraps pip and installs dependencies automatically, even though its stated purpose is HTTP/OpenAPI helper functionality. In a skill ecosystem, silently changing the interpreter environment and pulling code from package repositories is risky because it introduces supply-chain and unintended code-execution exposure that is not essential to parsing Swagger documentation.

Missing User Warnings

High
Confidence
99% confidence
Finding
The generated `domains.json` includes `doc_auth.username` and `doc_auth.password` without any explicit warning or consent flow in this file. Silent plaintext secret propagation increases the chance of accidental disclosure through source control, packaging, artifact sharing, or local file compromise.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31
PyYAML>=6.0
Confidence
91% confidence
Finding
requests>=2.31

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31
PyYAML>=6.0
Confidence
95% confidence
Finding
PyYAML>=6.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
86% confidence
Finding
requests

Known Vulnerable Dependency: PyYAML — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
98% confidence
Finding
PyYAML

VirusTotal

64/64 vendors flagged this skill as clean.
