Hope Client

Security checks across malware telemetry and agentic risk

Overview

This is a real internal Hope Server API helper, but it bundles real-looking default credentials and gives broad SSH-backed authority to read and change server data.

Install only if you control the Hope Server target and understand that the agent may use SSH plus an API key to read sensitive server data and perform mutations. Replace and rotate the bundled credentials, remove password-based sshpass defaults, restrict the API key to least privilege, and manually review any POST/PUT or bulk cleanup command before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

Medium
98% confidence
Finding
This section includes a hardcoded SSH password and demonstrates passing an API key into a remote shell command. Hardcoded credentials and credential-bearing command lines are dangerous because they encourage insecure reuse, expose secrets via documentation, shell history, process lists, logs, or copy-paste leakage, and normalize unsafe operational practices.

Context-Inappropriate Capability

Medium
97% confidence
Finding
The quick-call helper does more than act as a simple API client: it performs SSH-based remote command execution and hardcodes both host targeting and an API key. That broadens the attack surface significantly, because anyone using the helper may unknowingly transmit secrets to a remote shell and execute commands on a fixed internal host.

Intent-Code Divergence

Medium
93% confidence
Finding
The documentation claims configuration is driven by environment variables, but later helper code hardcodes the API key and host. This inconsistency is security-relevant because it defeats credential rotation and user expectations, causing stale or unintended secrets/targets to be used and increasing the chance of accidental disclosure or misuse.

Missing User Warnings

Medium
92% confidence
Finding
The markdown exposes concrete credential handling patterns and network access examples, including an API key, internal host details, and SSH password usage, without strong warnings or safe handling guidance. In this context, the skill is specifically for reaching an internal API service, so these examples materially increase the chance of secret exposure and unauthorized internal access rather than serving as harmless documentation.

Missing User Warnings

Medium
91% confidence
Finding
The documentation includes a bulk state-changing command (`hope_download_clean "pk1,pk2,pk3"`) without any warning, confirmation requirement, or explanation of reversibility. In an agent-consumable skill, that increases the risk of accidental mass modification if a user or downstream agent copies the example without understanding its operational impact.

Missing User Warnings

Medium
97% confidence
Finding
The script embeds default SSH and API credentials and automatically uses credential material from environment variables to access a remote host. This is dangerous because anyone invoking the skill may unknowingly perform authenticated actions against internal infrastructure, and the hardcoded fallback secrets increase the risk of credential leakage and unauthorized reuse.

Missing User Warnings

Medium
96% confidence
Finding
The helper function silently performs remote SSH execution using sshpass, which enables password-based noninteractive login and sends authenticated API requests to the remote host without any confirmation or safety boundary. In an agent-skill context, this is especially risky because routine-looking helper calls can trigger privileged actions on internal systems with little visibility to the user.

VirusTotal

64/64 vendors flagged this skill as clean.
