Finopsy Cloud Finops

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent cloud-cost analysis connector, but it asks users to send raw cloud credentials to a third-party API with incomplete consent and data-handling disclosures.

Install only if you trust ToolWeb with cloud credentials and billing data. Use dedicated, least-privilege credentials (preferably temporary and read-only) scoped to billing and cost visibility, never root or admin keys; confirm the billing and privacy terms; and rotate or revoke the credentials immediately after analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
The skill explicitly instructs the agent to collect raw AWS/Azure/GCP credentials and transmit them to a third-party endpoint for analysis. That is a highly sensitive data transfer that exceeds what users would reasonably expect from a cost-analysis skill unless there is strong, verifiable disclosure, minimization, and trust controls; none are provided here.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The skill claims credentials are 'never stored' even though it documents sending them to an external API and provides no evidence, attestation, or technical mechanism to substantiate that claim. This creates a misleading security assurance around highly sensitive secrets, increasing the chance users will share credentials under false assumptions.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The prerequisites and surrounding instructions normalize providing cloud credentials for the skill without an explicit up-front warning that those secrets will be sent to an external service. Users may believe they are sharing credentials only with the local agent, when in fact the workflow forwards them off-platform.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The example interaction tells the agent to ask for AWS access keys and secret keys directly, but omits any warning that these sensitive credentials will be forwarded to a third-party service. Example flows are especially dangerous because they operationalize unsafe behavior and make exfiltration of secrets more likely in real use.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The documented workflow directs the agent to collect user cloud credentials and embed them in a request body to a third-party API. This creates a direct secret-handling and exfiltration path for privileged infrastructure access material, which could enable unauthorized cloud account access if intercepted, logged, reused, or mishandled.

VirusTotal

66/66 vendors flagged this skill as clean.