Namecheap DNS

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Namecheap DNS tool, but it needs review because crafted domain input could run unintended local shell commands.

Install only if you understand it can change DNS records for domains accessible to your Namecheap API key. Use dry-run first, review diffs, do not pass untrusted domain strings, and prefer a patched version that validates domain names and calls dig with argument arrays instead of shell command strings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill instructs users to export sensitive Namecheap API credentials via environment variables, but the metadata declares no corresponding permissions or capability requirements beyond node/npm. This creates a transparency and least-privilege issue: an agent or runtime may access secrets without the user being clearly warned by the permission model, increasing the risk of unintended credential exposure or misuse.

Missing User Warnings

Medium
Confidence: 99%
Finding
`execSync` builds a shell command using unsanitized `fullDomain` input: ``dig +short ${fullDomain} ${type}``. Because shell metacharacters in the domain are not validated or escaped, an attacker controlling the domain argument could achieve command injection and execute arbitrary local commands with the privileges of the process.

Missing User Warnings

Medium
Confidence: 99%
Finding
The subdomain lookup path also constructs shell commands from untrusted input: ``dig +short ${sub}.${fullDomain} ${type}``. Fixed subdomain prefixes do not mitigate the risk, because a malicious `fullDomain` can still inject shell syntax and trigger arbitrary command execution during verification or backup operations.

VirusTotal

66/66 vendors flagged this skill as clean.
