ClawHub

Token Config Checker

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real token-checking utility, but it can send live credentials over the network and duplicate raw credential files in ways users should review carefully.

Install or run only if you are comfortable giving it access to token/auth JSON files. Use a narrow input path, prefer offline checks first, use --probe only with endpoints you fully trust, avoid custom probe URLs unless you control them, and treat generated valid/no_quota/invalid directories plus index/report files as sensitive because they may contain usable credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes capabilities to read sensitive token/config files, write categorized copies back to disk, and optionally send credential-bearing requests over the network, yet no declared permissions are documented. This creates a transparency and consent gap: users may invoke a skill that handles secrets and performs network transmission without clear up-front permission boundaries.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation encourages online probing of access tokens and saving configs into valid/no_quota/invalid directories, but does not prominently warn that probing sends authentication material to a remote endpoint and that bucket-saving persists sensitive credential files on disk. In a token-checking skill, this context makes the issue more dangerous because the primary inputs are high-value secrets, so unclear handling directly increases the risk of credential disclosure or unintended retention.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The optional online probe transmits each discovered access token to an external service by placing it in the Authorization header for a live API request. Even though this appears to be the tool's stated purpose, it is still a real security concern because the script scans arbitrary local token/auth files and can cause credential use or disclosure to a third party without an explicit interactive warning, per-file confirmation, or strong scoping controls.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The online probing feature sends bearer access tokens and, for Codex configs, account identifiers to a remote endpoint supplied by --probe-url, with no trust restriction, warning, or confirmation. In a tool explicitly designed to scan harvested credential files, this creates a high-risk exfiltration path: a user can unintentionally transmit valid secrets to arbitrary infrastructure, and the code even wraps the real token inside a JSON payload for a secondary service call.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The save_valid_dir/save_no_quota_dir/save_invalid_dir flows copy original configuration files verbatim, which may contain live access_token, refresh_token, id_token, API keys, and other secrets. This duplicates sensitive material into new locations and creates an index of where credential-bearing files were stored, increasing the chance of leakage, overbroad access, backup exposure, or accidental sharing.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
python3 scripts/check_token_configs_plus.py ./tokens \
  --probe \
  --probe-url https://api.openai.com/v1/models \
  --save-valid-dir ./valid_configs \
  --save-no-quota-dir ./no_quota_configs \
  --save-invalid-dir ./invalid_configs \
Confidence
96% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
python3 scripts/check_token_configs_plus.py ./tokens \
  --probe \
  --probe-url https://api.openai.com/v1/models \
  --save-valid-dir ./valid_configs \
  --save-no-quota-dir ./no_quota_configs \
  --save-invalid-dir ./invalid_configs \
Confidence
96% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
if not isinstance(access_token, str) or not access_token:
        out['probe_detail'] = 'no_access_token'
        return out
    probe_url = 'https://api.openai.com/v1/models'
    headers = {'Authorization': f'Bearer {access_token}'}
    try:
        out['online_checked'] = True
Confidence
96% confidence
Finding
https://api.openai.com/

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal