VCF Green IT & Carbon Footprint

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the VMware Aria sustainability reporting task it claims, but it sends an API token over HTTPS with certificate verification disabled, and its setup guidance is weak.

Review before installing. Use only with a least-privilege Aria Operations token, restrict ARIA_OPS_HOST to the intended internal Aria instance, change the code to verify TLS with a trusted CA instead of verify=False, keep certificate warnings enabled, pin reviewed dependency versions, and treat the fallback simulated report as demo data rather than authoritative ESG output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill requires environment variables and clearly instructs users to run a Python MCP server that will make outbound requests, but it does not declare explicit permissions or provide a clear trust boundary for those capabilities. This can mislead operators about the skill's effective access to secrets and network resources, increasing the chance of unintended credential exposure or over-privileged deployment.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill documentation tells users to supply an API token via environment variables but does not warn that this is a sensitive secret or provide handling guidance. In an MCP/server context, secret-bearing environment variables are accessible to the launched process, so poor operator awareness can lead to accidental leakage through logs, screenshots, config files, or insecure sharing of example configurations.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content (dependency list):
  mcp
  requests
Confidence: 96%
Finding: mcp

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content (dependency list):
  mcp
  requests
Confidence: 97%
Finding: requests

Known Vulnerable Dependency: mcp — 3 advisory(ies): CVE-2025-53366 (MCP Python SDK vulnerability in the FastMCP Server causes validation error, lead); CVE-2025-66416 (Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection); CVE-2025-53365 (MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to )

Severity: High
Category: Supply Chain
Confidence: 98%
Finding: mcp

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

Severity: High
Category: Supply Chain
Confidence: 97%
Finding: requests

VirusTotal

67/67 vendors flagged this skill as clean.
