ClawHub

专为百度秒哒应用打造的SecondMe OAuth2登录和API集成工具,完成Connect to SecondMe OAuth2接入

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SecondMe OAuth/Supabase integration, but it stores reusable OAuth tokens in a client-readable profile table, including refresh tokens exposed by broad profile reads.

Review before installing in production. The integration is not deceptive, but you should only use it unchanged if you accept browser-side exposure of SecondMe bearer tokens. Prefer moving access and refresh tokens to a backend-only table or secret store, denying client SELECT on token columns, and proxying SecondMe API calls through Edge Functions. If keeping this design, test RLS thoroughly, restrict CORS, harden against XSS, minimize token scopes and lifetimes, and add clear consent and privacy notices for memory, chat, notes, and public posting features.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill markets itself as simple OAuth/API integration, but the documentation shows it also provisions Supabase users through admin capabilities, stores OAuth tokens in a database, and participates in session issuance. That expanded behavior materially increases privilege and attack surface; if adopters underestimate this, they may deploy high-privilege service-role workflows and token storage without sufficient review or controls.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation is internally inconsistent: one section says the callback returns only a hashed token and not the access token, while another explicitly permits frontend reads of the stored access_token. This kind of contradiction is dangerous because implementers may believe tokens are kept server-side only when the actual design exposes bearer tokens to client-side code, increasing theft risk through XSS, browser extensions, logging, or misconfigured RLS.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The OAuth callback performs privileged identity lifecycle actions and stores third-party access and refresh tokens in the application database, going beyond a minimal code-to-token exchange. In this context, the function uses a Supabase service role key and writes reusable tokens into a profile record, which materially increases blast radius if the database, row-level policies, or downstream profile reads are exposed.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The comment explicitly states the access token is not returned immediately because the frontend can later obtain it via the profile, which indicates intentional exposure of a third-party bearer token through a likely user-accessible data path. If clients can read profile rows, an attacker who compromises a session or abuses weak RLS could extract SecondMe access and refresh tokens and impersonate users against the external API.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The introduction advertises access to user profile data, chat, memory search/management, community features, and speech functionality without any privacy notice, consent expectations, data-retention guidance, or warning about handling personal data. Because this skill is specifically an OAuth2/API integration for user-linked digital identities, omitting data-handling cautions increases the chance that downstream developers will collect, sync, or expose sensitive user information improperly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup steps tell users to configure environment variables but do not warn that OAuth client secrets and related credentials are sensitive and must never be exposed to frontend code, repositories, screenshots, or logs. In an integration skill centered on OAuth2, this omission is security-relevant because developers often copy quick-start steps directly and may accidentally leak secrets, enabling account compromise or unauthorized API access.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code writes user profile data together with access and refresh tokens into the profiles table, which is commonly designed for application/user access rather than secret storage. In this skill context, that makes the issue more dangerous because OAuth tokens are being co-located with ordinary profile attributes, increasing the chance of accidental disclosure through APIs, dashboards, or permissive row-level policies.

Credential Access

High
Category
Privilege Escalation
Content
- ✅ 仅配置在Edge Function环境变量
- ❌ 绝不提交到代码仓库或前端

### Access Token 存储说明

**存储方式**:
- SecondMe access_token 存储在数据库 `profiles` 表
Confidence
86% confidence
Finding
Access Token

Credential Access

High
Category
Privilege Escalation
Content
- ✅ 仅在Edge Function中使用
- ❌ 绝不在前端配置

### 🎫 Access Token 存储与访问

**存储方式**:
- SecondMe access_token 存储在数据库 `profiles.secondme_access_token` 字段
Confidence
97% confidence
Finding
Access Token

Credential Access

High
Category
Privilege Escalation
Content
## ⚠️ 重要安全说明

### Access Token 存储与访问

**存储方式**:
- SecondMe `access_token` 存储在数据库 `profiles.secondme_access_token` 字段
Confidence
92% confidence
Finding
Access Token

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal