MAL Anime Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent MyAnimeList tracking skill, but users should protect OAuth tokens and be careful with list-changing commands.

Install only if you are comfortable giving the skill access to your MyAnimeList account data and list-management actions. Store tokens in OpenClaw vault or another secret manager, avoid pasting secrets into shared terminals or files, rotate tokens if exposed, and double-check anime IDs before using delete.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (8)

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: This helper exchanges OAuth credentials and then prints the returned access and refresh tokens to stdout, exposing authentication material to terminal history, logs, orchestration systems, or other components that capture process output. In addition, error logging includes raw server responses, which may leak sensitive details depending on the provider's behavior.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs users to place OAuth access tokens, refresh tokens, client IDs, and client secrets into environment variables or a vault, but provides no warning about secure storage, least-privilege handling, or avoiding exposure in shell history, logs, screenshots, or shared configs. Because these credentials grant access to a user's MAL account and token refresh capability, poor handling could lead to account compromise or persistent unauthorized API access.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The documented `delete` command performs a destructive action on a user's MAL list, but the documentation gives no warning that it removes entries and may be hard to notice or reverse during routine CLI use. While this is not remote code execution or credential theft, lack of cautionary wording increases the chance of accidental data loss or unintended account changes.

Missing User Warnings

Medium

Confidence: 62% confidence
Finding: These endpoints expose detailed anime/manga history and preference data, including list status and timestamps, and the spec does not include strong user-facing warnings or data-minimization guidance. In an agent-skill context, this increases the chance that a skill requests or stores sensitive preference/history data without users understanding the privacy implications.

Unpinned Dependencies

Low

Category: Supply Chain
Content: requests python-dotenv
Confidence: 97% confidence
Finding: requests

Unpinned Dependencies

Low

Category: Supply Chain
Content: requests python-dotenv
Confidence: 90% confidence
Finding: python-dotenv

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High

Category: Supply Chain
Confidence: 96% confidence
Finding: requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low

Category: Supply Chain
Confidence: 78% confidence
Finding: python-dotenv

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal