Mubu Integration

Security checks across malware telemetry and agentic risk

Overview

This Mubu integration is not malicious, but it needs review because it can use account credentials, cache an auth token, and change or delete remote notes without strong safeguards.

Install only if you are comfortable giving this skill access to your Mubu account and allowing it to read, create, save, move, and delete remote notes. Use explicit Mubu commands, confirm any delete or overwrite target yourself, protect any .env file and ~/.mubu_token, and rotate credentials if those files are exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill uses environment variables, local file read/write, and outbound network access, but does not declare these permissions. This weakens user consent and security review because the agent can handle credentials, persist tokens, and transmit data externally without an explicit capability declaration.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 93%
Finding:
The description presents the skill as a note integration tool, but the content also includes destructive deletion, move operations, and local token persistence. This mismatch can mislead users and reviewers about the real risk profile, especially because persisted tokens and delete operations can cause account compromise or data loss if misused.

Vague Triggers

Medium
Confidence: 89%
Finding:
The trigger phrases are generic enough that an agent could invoke this skill in response to ordinary mentions of '幕布', 'mubu', or outline notes without a clear user request to perform account-linked actions. Because the skill supports authenticated document and folder operations, over-broad activation increases the chance of unintended access, modification, export, or deletion of user content.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The README advertises a delete command for documents or folders but gives no warning that the action is destructive, potentially irreversible, or should require confirmation. In an agent-integrated context, this omission raises the risk that users or automation invoke deletion casually and lose data.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The README instructs users to place a phone number and password in environment variables or a local env file without any security guidance on file permissions, process exposure, shell history, or safer alternatives. This is especially risky because the skill uses a reverse-engineered web API for a real account, so credential leakage could expose the user's notes and allow account actions.

Vague Triggers

Medium
Confidence: 79%
Finding:
The trigger guidance includes broad terms like 幕布, mubu, and outline-note related phrases, which increases the chance the skill is invoked when the user did not intend account-connected actions. In a skill that can authenticate, modify remote documents, and delete items, accidental activation materially increases risk.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The skill documents deletion of documents and folders but does not warn that the action is destructive or require confirmation. In an agent context, omission of this safeguard can lead to irreversible remote data loss from ambiguous or mistaken user requests.

Missing User Warnings

Medium
Confidence: 89%
Finding:
The skill instructs users to provide a phone number and password, but does not adequately warn about credential exposure, storage, and transmission risks. Because the same skill also recommends local token caching, weak guidance here increases the chance of insecure secret handling and account compromise.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The script persists the JWT token plus user identity data to ~/.mubu_token without setting restrictive file permissions or warning the user. On shared or misconfigured systems, other local users or processes may read the token and impersonate the account until expiry, making this a real credential-handling weakness.

VirusTotal

63/63 vendors flagged this skill as clean.
