ClawHub

Mvg

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Munich transit lookup skill with expected external API use, plus a disclosed Node-based live-tracking helper that users should understand before installing.

Install this if you are comfortable with your MVG searches, route endpoints, addresses, or coordinates being sent to MVG/geOps services. Use the live S-Bahn feature only in an environment where you trust the local node binary and ws module, and avoid sudo or unpinned GitHub installation unless you trust the source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises executable capabilities including network access, shelling out, environment access, and file writing, but declares no permissions or trust boundaries. That creates a real security issue because users and the agent framework cannot accurately assess or constrain what the skill may do, especially since it can invoke Python and Node-based components and contact external services.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The live-tracking feature executes a local Node runtime and probes multiple local module paths unrelated to the core transit-query purpose, which unnecessarily expands the trust boundary from remote API calls to local code execution. If a malicious or trojaned Node binary or ws module is present in one of those locations, invoking 'mvg live' could execute attacker-controlled code on the host.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Search terms, station names, addresses, and coordinates are sent to third-party transit APIs without any explicit user disclosure in the CLI surface. In a transit skill, this data can reveal sensitive movement patterns or precise locations, so silent transmission creates a real privacy risk even if it is functionally necessary.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The live feature silently launches an external Node subprocess and writes temporary files, neither of which a user would reasonably expect from a transit-information CLI. Hidden local execution and disk writes increase the attack surface and can violate user trust, especially in constrained or shared environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal