Cubox Integration (International & China)

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its Cubox-saving purpose, but its error handling can expose the credential-bearing Cubox API URL in logs or agent output.

Review this skill before installing. It appears purpose-aligned for saving URLs and memos to Cubox, but configure CUBOX_API_URL carefully, avoid sharing error output that may contain the token, and prefer a version that redacts the API URL from exceptions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a Cubox request fails, the user's private API URL may be displayed or stored in logs, allowing someone who sees it to save content into the user's Cubox account.

Why it was flagged

CUBOX_API_URL is documented as the user's personal Cubox API URL and contains a token. requests exceptions for HTTP or network failures can include the full request URL, so printing the raw exception can disclose the token in terminal output, agent context, or logs. The same pattern appears in scripts/save_memo.py.

Skill content

api_url = os.environ.get("CUBOX_API_URL")
...
response.raise_for_status()
...
print(f"Error: Failed to save URL - {e}", file=sys.stderr)

Recommendation

Redact the API URL/token from error messages, report only status codes or sanitized host information, declare the credential in metadata, and rotate the Cubox API URL if it has already appeared in logs.

What this means

Unintended invocations could add unwanted bookmarks, tags, or folders and consume the Cubox daily API quota.

Why it was flagged

The tool sends user-provided URLs and metadata to the configured Cubox API endpoint, which creates saved items in the user's Cubox account. This is purpose-aligned but still mutates a third-party account.

Skill content

payload = {
    "type": "url",
    "content": url
}
...
response = requests.post(api_url, json=payload, headers=headers)

Recommendation

Use the skill only for content you intend to save, confirm tags and folders before invoking it, and monitor Cubox if the agent is allowed to invoke skills without explicit confirmation.

What this means

Private memo text or URLs entered into the tool will leave the local environment and be stored by the configured provider endpoint.

Why it was flagged

Memo text is transmitted to whatever endpoint is configured in CUBOX_API_URL. The intended Cubox data flow is disclosed and purpose-aligned, but users should verify the environment variable points to their real Cubox API URL before sending private notes.

Skill content

payload = {
    "type": "memo",
    "content": content
}
...
response = requests.post(api_url, json=payload, headers=headers)

Recommendation

Verify CUBOX_API_URL before use, avoid sending highly sensitive notes unless you trust the configured Cubox account and endpoint, and unset the variable when not needed.

What this means

A user may install the latest requests package from their configured Python package source, which depends on that source and environment being trustworthy.

Why it was flagged

The skill documents a manual, unpinned dependency install while the registry shows no install spec. This is not suspicious by itself, but users should be aware of the external package dependency.

Skill content

pip install requests

Recommendation

Install dependencies from a trusted package index, consider pinning a known-good requests version, and use a virtual environment.