Calling closeai's GPT

Security checks across malware telemetry and agentic risk

Overview

This GPT chat skill is mostly purpose-aligned, but it can send your API key and prompts to an undisclosed proxy and includes an undocumented unauthenticated local server.

Review before installing. Use an environment variable or managed secret for OPENAI_API_KEY and do not paste API keys into chat. Set OPENAI_API_BASE to the official OpenAI API or another endpoint you explicitly trust before using the main script. Avoid running scripts/server.js unless you add authentication, restrict who can reach the port, and understand that callers could use your API key for chat requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill metadata declares runtime requirements such as environment variables but does not clearly declare the effective capabilities implied by the documented behavior, including network access to the OpenAI API. This undermines transparency and informed consent for operators, making it easier to deploy a skill with broader access than expected.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented purpose presents the skill as a simple chat/content-generation tool, while the analyzed behavior reportedly includes starting an HTTP server, exposing remote control endpoints, persisting state locally, generating files, and testing or enumerating API models. That mismatch is dangerous because users may grant trust and deployment approval under a much narrower threat model than the code actually requires.

Missing User Warnings

High
Confidence
99% confidence
Finding
The documentation tells users they may provide their API key in chat, which creates a direct path for secret disclosure through conversational logs, prompt history, agent memory, or downstream integrations. Credentials shared in chat are harder to scope, redact, and securely store than environment-based secret handling.

Missing User Warnings

High
Confidence
99% confidence
Finding
Repeating that users can provide an API key in conversation normalizes insecure credential handling and increases the likelihood of accidental exposure. In agent environments, chat content may be logged, summarized, or forwarded, turning a one-time disclosure into persistent compromise risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The /chat endpoint forwards arbitrary user-supplied messages to an external third-party API, but the server code provides no disclosure, consent flow, or indication to users that their inputs leave the local system. In a chat skill, users may submit sensitive prompts or secrets, so undisclosed external transmission creates a real privacy and compliance risk even if the transmission is functionally intended.

Ssd 3

Medium
Confidence
98% confidence
Finding
Encouraging users to disclose sensitive credentials through natural-language interaction creates a predictable secret-exfiltration path. Even absent malicious intent, this weakens operational security because conversational systems often retain, transform, or expose message contents beyond the immediate session.

Ssd 3

Medium
Confidence
98% confidence
Finding
The API key section explicitly authorizes providing a secret in conversation, increasing the chance that users will expose credentials in logs or to other tools with access to chat transcripts. This is especially risky in agent ecosystems where messages may be stored, inspected, or reused automatically.

External Transmission

Medium
Category
Data Exfiltration
Content
});

async function callOpenAI(message) {
  const response = await fetch('https://api.openai.com/v1/chat/completions', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
Confidence
80% confidence
Finding
fetch('https://api.openai.com/v1/chat/completions', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
});

async function callOpenAI(message) {
  const response = await fetch('https://api.openai.com/v1/chat/completions', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
Confidence
80% confidence
Finding
https://api.openai.com/

VirusTotal

66/66 vendors flagged this skill as clean.
