ClawHub
Back to skill

Security audit

Threat Intel Aggregator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent threat-lookup skill that sends user-submitted indicators to a disclosed external API, with privacy caveats but no hidden or destructive behavior found.

Install only if you are comfortable sending checked indicators to the ToolWeb/api.mkkpro.com service and possibly its upstream intelligence sources. Avoid submitting internal hostnames, secret-bearing URLs, customer data, or sensitive incident-response indicators unless your organization approves that disclosure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill accepts sensitive indicators such as IPs, domains, URLs, and file hashes, and explicitly states that it queries multiple third-party threat intelligence feeds, but it does not clearly warn users that submitted targets may be transmitted externally. This can cause unintentional disclosure of internal indicators, investigation targets, or proprietary malware artifacts to outside services, creating privacy, confidentiality, and operational security risks.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The POST operation is exposed as a generic 'Check Threat' action with no documented trigger scope, allowed target types, rate limits, or usage constraints. In an agent context, this broadness can enable unintended scanning, lookups on arbitrary user-supplied targets, or overbroad invocation by downstream tooling, increasing the risk of misuse and privacy-impacting external queries.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The API accepts arbitrary user-provided 'target' data and sends it for threat checking without any disclosure about external processing, retention, or privacy implications. In practice, users may submit sensitive domains, internal hostnames, IPs, emails, or other confidential indicators, causing unintended data exposure to third-party intelligence services or logs.

External Transmission

Medium
Category
Data Exfiltration
Content
## References

- **Kong Route:** `https://api.mkkpro.com/security/threat-intel-aggregator`
- **API Docs:** `https://api.mkkpro.com:8009/docs`
Confidence
82% confidence
Finding
https://api.mkkpro.com/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.