ClawHub

JWGL Query

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real JWGL query skill, but it stores teacher login passwords in a local JSON file and can save authenticated page captures without enough security controls or warnings.

Install only if you are comfortable giving the skill teacher-side JWGL credentials and storing them locally in config.json. Keep that file out of Git, backups, and shared folders; avoid using debug/probe tools unless needed; delete debug output afterward; and prefer a dedicated low-privilege account or secure secret storage if available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly directs the agent to read and write a local config file, store teacher credentials, and access external JWGL sites, yet it declares no permissions. This mismatch can bypass transparency and policy enforcement, especially because the skill handles sensitive usernames/passwords and performs networked queries against school systems.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly instructs the agent to collect teacher usernames and passwords via natural language and write them into a local `config.json`, but it does not warn about credential sensitivity, storage risks, or require secure handling. In the context of a university JWGL skill that targets real institutional accounts, this increases the likelihood of plaintext secret storage, accidental exfiltration through logs/workspaces, and reuse of privileged teacher credentials.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly instructs storing teacher usernames and passwords in a local config file for reuse, with no encryption, access-control guidance, or warning about handling sensitive credentials. In a skill that automates access to a university teaching system, this creates a realistic credential exposure risk through local file compromise, accidental backup/sync, logs, or source-control inclusion.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
When --debug-dir is enabled, the crawler writes full HTML pages, screenshots, and structured error state to disk. In this skill's context, those artifacts can contain teacher credentials in forms, session cookies or authenticated content, and sensitive university data such as schedules and exam/invigilation arrangements, creating a real confidentiality risk if the directory is accessible, synced, or retained.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script persists teacher credentials, including passwords, directly into a JSON config file and only masks them when displaying output; there is no encryption, secret-store integration, or visible warning about plaintext-at-rest handling. In this skill's context, the stored credentials grant access to university teaching and exam-management systems, so compromise of the config file could expose sensitive institutional data and enable unauthorized access.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script persistently saves post-login HTML, screenshots, and iframe metadata from an authenticated teacher session to disk. In this skill context, those artifacts can contain sensitive teacher-facing academic data, session identifiers, personal information, and institution-specific internal pages, creating a clear confidentiality risk if the output directory is accessed by other users, logs, or downstream tooling.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code logs into the university system using stored teacher credentials from configuration without any runtime disclosure or consent checkpoint. While credential use is expected for this skill, silently reusing stored secrets increases the risk of unauthorized account access if the skill is triggered unexpectedly, misconfigured, or invoked on behalf of the wrong teacher.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script saves the full HTML and a screenshot of an authenticated teacher-facing JWGL page to disk after login and navigation. In this skill context, those artifacts may contain personal data, schedules, exam/invigilation assignments, session-specific identifiers, or other sensitive institutional information, creating a local data exposure risk if the output directory is accessible, synced, or retained longer than necessary.

Ssd 3

Medium
Confidence
93% confidence
Finding
The file directs the system to persist user-provided teacher credentials locally for later reuse, creating unnecessary retention of highly sensitive authentication data. This broadens the attack surface and increases privacy and security risk because the data may remain long after needed and be exposed to other local processes, users, backups, or operators.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal