CISSPly

Security checks across malware telemetry and agentic risk

Overview

This is mostly a normal CISSP quiz API, but it exposes an admin question-reload action in the agent-facing API without enough visible safeguards.

Install only if you trust the ToolWeb.in remote service. Use pseudonymous session IDs, avoid sending personal information, and do not let an agent call /api/admin/reload unless you intentionally have admin authority and understand it may change the live question bank.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The skill is presented as a quiz-taking API, but it also documents an administrative endpoint that can reload the question database. This expands the capability surface beyond the user-facing purpose and could enable disruptive state changes or backend content manipulation if exposed, misconfigured, or accidentally invoked.

Context-Inappropriate Capability

Medium
Confidence: 86%
Finding
An admin-only reload-from-Excel capability is not necessary for normal quiz consumption and introduces a privileged content-ingestion path. Such functionality can be abused to alter the question bank, corrupt service state, or trigger operational disruption, especially if Excel parsing or admin controls are weak.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The OpenAPI spec exposes an administrative action, `/api/admin/reload`, that reloads questions from Excel files even though the skill is described as a quiz API for question delivery and answer evaluation. This capability expands the skill’s effective privilege and attack surface; if the endpoint is callable by the agent or insufficiently protected server-side, it could enable unauthorized data modification, operational disruption, or abuse of file-processing logic.

Missing User Warnings

Medium
Confidence: 81%
Finding
The description omits any privacy or data-handling notice even though the API sends session identifiers, answers, timing data, and performance metrics to a remote service. Users and downstream agents may unknowingly transmit identifiable or sensitive study-behavior data without informed consent or retention expectations.

Missing User Warnings

Low
Confidence: 74%
Finding
The admin reload endpoint is documented without a prominent warning that it changes backend state and may disrupt quiz content or availability. In an agent context, insufficient signaling about destructive or stateful operations increases the risk of accidental invocation or unsafe integration assumptions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal