jf-open-pro-device-list

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate JFTech device-listing skill, but it can expose device passwords or login tokens and sends signed requests to an environment-configured endpoint.

Install only if you need JFTech developer-account device lookup and can protect the returned secrets. Use credentials for an account you control, set JF_ENDPOINT only to an official JFTech API host, avoid JSON output or shared terminals/logs unless you intend to handle passwords and tokens, and rotate affected credentials if output may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium (98% confidence)
The skill claims to query device lists, but its output functions expose loginToken values, which are authentication secrets unrelated to a simple inventory listing. Printing tokens to stdout/JSON can leak credentials into terminals, logs, chat transcripts, or downstream tooling, enabling unauthorized access or session hijacking.

Intent-Code Divergence

Low (97% confidence)
The 'simple' output mode is described as concise, yet it still displays Token data. This misleading UX increases the chance that operators will expose sensitive authentication material in routine use, especially when they believe they selected a safer/minimal output format.

Vague Triggers

Medium (86% confidence)
The trigger phrases are broad enough to match routine requests such as '我的设备' or '设备列表' without making clear that this skill returns sensitive account-linked device data. Overbroad activation increases the chance the skill is invoked in contexts where the user did not intend credential-bearing device information to be fetched or displayed.

Vague Triggers

Medium (84% confidence)
The Markdown trigger section repeats generic device-related phrases but does not define clear activation boundaries, authentication expectations, or sensitivity of the returned data. In practice, that ambiguity can cause accidental execution and exposure of device inventory or credentials in otherwise ordinary support or device-management conversations.

Missing User Warnings

High (97% confidence)
The skill explicitly advertises retrieval of highly sensitive fields, including device passwords and login tokens, yet provides no user-facing warning, masking, or least-privilege justification. Exposing these values can enable unauthorized device access, account misuse, pivoting into connected systems, or long-lived session/token abuse.

Missing User Warnings

High (98% confidence)
The response schema includes raw password and loginToken fields without explicit safety guidance, redaction requirements, or handling restrictions. Documenting sensitive secrets as ordinary output normalizes insecure behavior and increases the likelihood they will be displayed in logs, terminals, chat transcripts, or downstream tooling.

VirusTotal

VirusTotal findings are pending for this skill version.