Bluesky

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Bluesky command-line skill that can read and change a user's Bluesky account, with expected token storage and setup behavior for that purpose.

Install only if you want an agent-accessible Bluesky CLI that can post publicly and change your account state. Use a Bluesky app password, revoke it from Bluesky settings if needed, consider enabling BSKY_CONFIRM_MUTATIONS=1 for confirmation prompts, and review targets carefully before delete, follow, block, mute, repost, or similar actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill instructs the agent to use shell commands, read authentication state, and rely on local files/session storage, but it does not declare any permissions for shell, file access, or environment access. This creates a transparency and governance gap: a host may expose capabilities the user did not explicitly approve, and the skill can interact with sensitive local state such as the Bluesky session token stored under ~/.config/bsky/config.json.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The description understates the skill's behavior by omitting login/session handling, persistent token storage, profile/account lookups, additional mutation commands, and destructive actions like delete. This mismatch can mislead users and automated policy systems about the real capability surface, increasing the chance that sensitive or destructive operations are approved under an incomplete understanding of risk.

Missing User Warnings

Medium
Confidence: 92%
Finding: The wrapper automatically creates a virtual environment and installs dependencies on first run without explicit user confirmation or a prominent warning. This can execute network-based package installation as a side effect of invoking the skill, which increases supply-chain and unexpected-code-execution risk if requirements are tampered with, a package source is compromised, or the environment is untrusted.

VirusTotal

65/65 vendors flagged this skill as clean.
