tapd-api

Security checks across malware telemetry and agentic risk

Overview

This TAPD API skill is a coherent project-management integration, but it deserves review because it can make broad remote changes and stores an access token locally.

Install only if you need TAPD automation. Use a least-privilege TAPD app, prefer read-only permissions until writes are needed, protect tapd.json and ~/.tapd_token_cache.json, avoid passing secrets on command lines, and require explicit human approval before create, update, member-add, or bulk-change operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Intent-Code Divergence

Medium (83% confidence)
The documentation states the shell CLI is 'read-only', yet elsewhere the skill presents an API surface that supports creating and updating TAPD resources. Conflicting documentation can cause users or agents to trust the tool in contexts where they expect no remote mutations, increasing the risk of unintended project changes.

Missing User Warnings

Medium (79% confidence)
The quick-start section walks users through configuring OAuth secrets and using the client, but it does not prominently warn that credentials will be transmitted to a third-party service and that subsequent API calls may read or modify remote project data. This is risky because the skill handles sensitive secrets and operational data, and users may underestimate the consequences of running examples.

Missing User Warnings

Medium (92% confidence)
The batch update example performs bulk remote status changes without a strong warning, confirmation step, or dry-run guidance. Bulk mutation examples are particularly dangerous because a user may copy them directly and unintentionally alter many TAPD records at once.

Missing User Warnings

Medium (96% confidence)
The documentation explicitly shows passing the OAuth client secret as a shell command-line argument. On many systems, command-line arguments can be exposed through process listings, shell history, audit logs, or CI job output, which can leak long-lived credentials to other local users or logging systems. In this skill context, the issue is more dangerous because the file is instructional material for users who may copy the example verbatim into real environments.

Missing User Warnings

Medium (90% confidence)
The documentation explicitly instructs users to place TAPD client credentials in a local JSON file and environment variables, but it does not warn about secret handling, file permissions, exclusion from version control, or use of a secret manager. In an API integration skill, this omission can lead users to commit credentials, expose them in shell history or logs, or store them insecurely on shared systems.

Missing User Warnings

Medium (82% confidence)
The example demonstrates bulk remote state changes across many TAPD records without guardrails, confirmation steps, or warnings. In a project-management integration skill, this can lead to accidental mass modification of production project data, disrupting workflows and corrupting tracking state if copied blindly by users or agents.

Missing User Warnings

Medium (88% confidence)
The example encourages reading and printing token-cache contents, including part of an access token, without emphasizing that the cache stores sensitive bearer credentials. In an agent skill context, examples are likely to be reused in automation or logs, increasing the chance of credential disclosure via terminal history, screenshots, debug output, or insecure file permissions.

Missing User Warnings

Medium (80% confidence)
The CSV export example writes potentially sensitive project-management data to a local file without warning about data classification, storage location, or downstream handling. In this skill's context, exported story titles, owners, priorities, and timestamps may contain internal business information and can be unintentionally exposed through shared directories, source-control commits, backups, or local compromise.

Missing User Warnings

Medium (86% confidence)
The code persists the OAuth access token to a predictable file in the user's home directory without setting restrictive permissions or warning the user. On multi-user systems, misconfigured environments, backups, or other local compromise scenarios could expose the bearer token and allow unauthorized TAPD API access until expiry.

VirusTotal

64/64 vendors flagged this skill as clean.