ClawHub

AnyShare MCP Skills

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate AnyShare document-management integration, but its setup flow asks users to paste an access token into chat and stores that bearer token in local configuration.

Install only after reviewing the setup steps. Do not paste real AnyShare bearer tokens into normal chat; configure credentials through a secure local method if possible, restrict file permissions on ~/.mcporter/mcporter.json, use least-privilege short-lived tokens, verify the MCP URL is your organization's official endpoint, and rotate any token that may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to ask the user to paste an access token into the chat, which creates a sensitive-data collection channel in natural language. Chat systems may log, retain, summarize, or expose conversation contents to other components, so collecting bearer tokens there materially increases credential theft and account-compromise risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The troubleshooting guide explicitly instructs users to place an Authorization token into `~/.mcporter/mcporter.json` but does not warn that this stores a reusable secret on disk. This can lead to credential exposure through weak file permissions, backups, shell support tooling, or accidental disclosure when users share config files for debugging.

Ssd 3

High
Confidence
99% confidence
Finding
This is a true credential-handling vulnerability because the workflow normalizes collecting an AnyShare token via conversation and then writing it into local config. That combines exposure in chat transcripts with long-lived local persistence, expanding the attack surface to logs, prompt history, screen captures, local file compromise, and downstream tooling that can read the config.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal