Plausible Analytics Agent

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises: send Plausible analytics events and fetch Plausible stats when the user runs its scripts.

Install only if you want an agent to send analytics events and read stats for your Plausible site. Use a trusted Plausible base URL, keep the API key out of chat/logs/repos, and avoid sending sensitive query strings, tokens, personal data, or private URLs as page URLs, referrers, or event properties.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill invokes shell scripts but does not declare any permissions or clearly communicate that shell execution is required. This weakens the trust boundary for users and tooling, because a consumer may approve or run the skill without understanding that it can execute local commands and make outbound network requests.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The tracking examples send pageview and event data to an external Plausible server, but the skill does not prominently warn users that invoking these commands transmits analytics data off-box. In a security context, silent data egress is risky because users may unintentionally disclose URLs, referrers, or event properties to a third party or self-hosted endpoint they did not mean to contact.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
The skill instructs users to export and use an API key for stats queries, but it does not warn about secure credential handling, storage, or exposure in logs and shell history. While the markdown alone does not exfiltrate the key, normalizing casual handling of credentials increases the chance of accidental disclosure or reuse in unsafe environments.

VirusTotal

66/66 vendors flagged this skill as clean.
