ClawHub

Linkding

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Linkding bookmark manager, but users should be careful because it can edit and delete bookmarks using their API token.

Install only if you trust this skill with your Linkding API token. Use a token scoped as narrowly as Linkding allows, keep it in the documented credentials location or environment variables, and explicitly confirm bookmark IDs before update, archive, delete, or bundle-delete operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill advertises bookmark management features, but its documented behavior includes broader and more sensitive operations such as delete, update, bundle deletion/update, and profile/preferences retrieval. This mismatch can cause users or calling agents to invoke the skill under false assumptions, increasing the chance of unintended destructive actions or privacy-impacting data access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation exposes a direct delete command for bookmarks without any warning, confirmation flow, or safety guidance. In an agent-driven context, this creates a realistic risk of accidental or over-broad deletion caused by misunderstanding, prompt ambiguity, or automation errors.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script exposes irreversible deletion with no built-in confirmation, dry-run mode, or safeguard. In an agent setting, ambiguous or manipulated user prompts could trigger data loss more easily because the tool performs the destructive action immediately.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal