Industrial Data Processing

Security checks across malware telemetry and agentic risk

Overview

The skill matches its industrial data-processing purpose, but it uses embedded credentials, plaintext HTTP submission, and persistent token storage in ways users should review before installing.

Install only after reviewing and changing the hardcoded API host and account credentials. Require HTTPS, rotate the exposed password, make the endpoint and secrets user-provided, add an approval or dry-run step before API writes, and avoid storing JWTs in plaintext or long-lived cache files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The script documentation states the JWT is written to ./output/jwt_token.txt, but the implementation also stores a daily copy under token_cache. This undocumented persistence increases credential exposure because operators may not realize tokens remain on disk longer and in more locations than expected, complicating cleanup and incident response.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly enables persistent logging and writes processed output to disk, but the configuration provides no user-facing disclosure, consent mechanism, retention controls, or data minimization guidance. In a workflow that processes Excel/CSV/JSON enterprise inspection data, this can result in unexpected storage of sensitive operational or proprietary information and broaden exposure through local files and logs.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill defines a data submission step using bearer-token authentication, indicating likely transmission of processed data to an external destination, yet it gives no user-facing warning, destination details, or consent boundary. Because the workflow handles enterprise IQC/control-plan data and also includes a JWT layer with a static secret, users could unknowingly authorize outbound transfer of potentially sensitive data, increasing confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence: 98%
Finding
The script sends both industrial JSON data and a JWT bearer token to a hardcoded HTTP endpoint, so credentials and payloads can be intercepted or modified by any attacker on the network path. Because bearer tokens are reusable and the code provides no TLS enforcement or certificate validation policy beyond defaults, this can lead to token theft, request tampering, and unauthorized API actions.

Missing User Warnings

High
Confidence: 99%
Finding
The code contains hardcoded credentials and sends them to a login endpoint over plain HTTP, which exposes the username, password, and returned JWT to interception by anyone with network visibility. Hardcoding secrets also makes accidental disclosure through source control, logs, backups, or redistribution far more likely.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script writes JWTs to output and cache files on disk, creating reusable bearer-token artifacts that may be read by other local users, backup systems, malware, or later workflow steps outside the intended trust boundary. Because JWTs commonly grant authenticated access without additional proof, file disclosure can directly enable session hijacking until expiry or revocation.

VirusTotal

66/66 vendors flagged this skill as clean.