Studio Agent Dist

Security checks across malware telemetry and agentic risk

Overview

This is a real ClickZetta Studio connector, but it gives a remote agent account-backed authority while automatically approving some remote action requests and storing session tokens locally.

Install only if you trust this publisher and intend to let the skill act through your ClickZetta account. Use a least-privileged ClickZetta credential, avoid shared machines, review or disable automatic interrupt approval before mutating workflows, and clear the local OpenClaw cache when you no longer need the session.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 97% confidence
Finding: The proxy defaults CZ_INTERRUPT_DECISION_MODE to auto_approve, causing interrupt/tool-execution requests from the remote Studio agent to be approved without explicit user confirmation. In a skill whose stated purpose is task/query/job operations via a JDBC-backed Studio connection, this expands authority beyond simple proxying and can authorize unintended side-effecting actions if the remote agent issues tool/action requests.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This code caches discovery data that includes a WebSocket URL containing the x-clickzetta-token and also preserves user/account identifiers and workspace metadata on local disk. Because the cache is stored under a predictable path and there is no visible permission hardening, encryption, or user disclosure, another local user/process or subsequent tool execution could recover a still-valid bearer token and reuse it to access the ClickZetta environment.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal