drift-testing

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Drift API testing skill with expected risks around live API tests, credentials, publishing results, and tool installation.

Install this only for Drift/OpenAPI contract testing. Prefer mock or staging APIs, use least-privilege test tokens, avoid production POST/PUT/PATCH/DELETE runs, review generated tests before loops, pin or preinstall tools instead of relying on global npm installs, and inspect Drift/PactFlow bundles before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding
The script's behavior materially diverges from the skill's declared purpose: it launches a Prism mock server rather than performing Drift-based API verification. In an agent setting, this can cause the system to run the wrong toolchain, produce misleading "successful" outcomes, and mask the absence of real conformance testing, which is especially dangerous because the skill description explicitly targets verification and 'keep running until everything passes' workflows.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding
The script performs an unconditional global npm installation of @stoplight/prism-cli when Prism is absent, introducing network access, supply-chain exposure, and persistent host modification that are not necessary for a narrowly scoped verification skill. In an automated agent environment, this expands privileges and side effects beyond expected testing behavior, making compromise or environment drift more likely if the package, registry path, or install context is abused.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding
The documentation includes a real credential-handling pattern using environment variables for `PACTFLOW_TOKEN` without warning users not to hardcode secrets, commit them to files, or expose them in shell history and CI logs. In a CLI reference for testing and CI workflows, this omission can lead to accidental secret leakage even though the example itself is not malicious.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The documentation explicitly demonstrates printing the full event data structure with `dbg(data)` and `print(...)` without any warning about sensitive contents. In this skill context, event payloads may include headers, request bodies, auth material, or other test secrets, so copying this pattern can leak credentials or sensitive API data into logs, CI output, or shared artifacts.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The examples show retrieving tokens from environment variables and injecting them into HTTP auth flows, but they do not warn users about safe secret handling, token scope, log exposure, or use of non-production credentials. In a testing tool that automates requests and lifecycle hooks, users may inadvertently embed real credentials or expose them through logs, debug output, or improperly scoped test code.

VirusTotal

67/67 vendors flagged this skill as clean.