mcp-adapter

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed MCP bridge for calling user-configured external tools. Restrict it carefully: those tools may read or change sensitive systems.

Install it only if you understand and trust the MCP servers you configure. In particular:
  • Prefer HTTPS endpoints.
  • Use read-only or least-privilege credentials for each server.
  • Restrict the mcp tool to trusted agents.
  • Require a separate approval step for tools that write, delete, publish, or query sensitive records.
  • Review diagnostic reports before sharing them.
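The controls listed above (HTTPS only, least privilege, a separate approval for calls that write, delete, publish or touch sensitive records) can be enforced inside the bridge instead of being left to the README, which is also the gap findings 1 to 4 below describe. What follows is an added example, not code from mcp-adapter or from the scanner: a pre-call policy gate in Python. Everything in it except the tool name database:query is assumed: the server URLs, the read-only tool list, the sensitive table names and the SQL classifier. The classifier is deliberately conservative and is a second line of defence behind a read-only database credential, not a replacement for one.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hypothetical user configuration: server name -> endpoint URL. Only
# database:query appears on the page; the other names are made up.
SERVERS = {
    "database": "https://db-mcp.internal.example:8443",
    "docs": "https://docs-mcp.internal.example",
    "email": "https://mail-mcp.internal.example",
    "legacy": "http://legacy-mcp.internal.example",  # plain HTTP: refused below
}

# Tools the operator has reviewed as side-effect free. Anything not listed
# is treated as impactful and needs an explicit, per-call approval.
READ_ONLY_TOOLS = {"database:query", "docs:search"}

# Tables holding sensitive records: even a read-only query needs approval.
SENSITIVE_TABLES = {"customers", "payments", "employees"}

_COMMENT = re.compile(r"--[^\n]*|/\*.*?\*/", re.DOTALL)
_READ_START = re.compile(r"^(select|with|explain)\b", re.IGNORECASE)
_DML = re.compile(
    r"\b(insert|update|delete|merge|drop|alter|truncate|create|grant|revoke|"
    r"copy|call|exec|execute|into outfile|into dumpfile)\b",
    re.IGNORECASE,
)
_TABLE_REF = re.compile(r"\b(?:from|join)\s+([A-Za-z_][A-Za-z0-9_.]*)", re.IGNORECASE)


@dataclass(frozen=True)
class Decision:
    allowed: bool         # forward the call to the MCP server now?
    needs_approval: bool  # the call is impactful and needs a human decision
    reason: str


def normalize_sql(sql: str) -> str:
    """Strip comments (so a verb cannot hide in one), collapse whitespace
    and drop trailing semicolons before any keyword check."""
    sql = _COMMENT.sub(" ", sql)
    sql = re.sub(r"\s+", " ", sql).strip()
    return sql.rstrip(";").rstrip()


def sql_is_read_only(sql: str) -> tuple[bool, str]:
    """Conservative classifier: one statement, starting with SELECT/WITH/
    EXPLAIN, and no DML/DDL keyword anywhere. That rejects
    `SELECT 1; DROP TABLE t`, `WITH x AS (DELETE ...) SELECT ...` and
    `EXPLAIN ANALYZE DELETE ...`. A string literal containing the word
    DELETE is rejected too; the false positive is acceptable because this
    check sits behind a read-only database credential, not in place of one."""
    s = normalize_sql(sql)
    if not s:
        return False, "empty statement"
    if ";" in s:
        return False, "multiple statements"
    if not _READ_START.match(s):
        return False, "not a SELECT/WITH/EXPLAIN statement"
    m = _DML.search(s)
    if m:
        return False, f"forbidden keyword {m.group(1).upper()}"
    return True, "read-only"


def referenced_tables(sql: str) -> set[str]:
    """Table names after FROM/JOIN, schema prefix dropped, lower-cased."""
    return {t.rsplit(".", 1)[-1].lower() for t in _TABLE_REF.findall(normalize_sql(sql))}


def gate_call(tool: str, args: dict, approved: bool = False) -> Decision:
    """Decide whether the bridge may forward `tool` with `args`. `approved`
    is the outcome of a separate, out-of-band confirmation step."""
    server, _, _op = tool.partition(":")
    url = SERVERS.get(server)
    if url is None:
        return Decision(False, False, f"unknown server {server!r}")
    parsed = urlparse(url)
    if parsed.scheme != "https" and parsed.hostname not in ("127.0.0.1", "localhost"):
        return Decision(False, False, f"server {server!r} is not reached over HTTPS")

    if tool == "database:query":
        ok, why = sql_is_read_only(args.get("sql", ""))
        if not ok:
            return Decision(False, False, f"database:query rejected: {why}")
        touched = referenced_tables(args["sql"]) & SENSITIVE_TABLES
        if touched and not approved:
            return Decision(False, True, f"reads sensitive tables {sorted(touched)}")
        return Decision(True, bool(touched), "read-only query")

    if tool in READ_ONLY_TOOLS:
        return Decision(True, False, "reviewed read-only tool")
    if approved:
        return Decision(True, True, "impactful tool, approval recorded")
    return Decision(False, True, "impactful tool needs separate approval")


if __name__ == "__main__":
    for call in [
        ("database:query", {"sql": "SELECT id, total FROM orders ORDER BY created_at DESC LIMIT 5"}),
        ("database:query", {"sql": "SELECT 1; DROP TABLE orders"}),
        ("database:query", {"sql": "SELECT o.id, c.name FROM orders o JOIN customers c ON c.id = o.customer_id"}),
        ("email:send", {"to": "someone@example.com"}),
        ("legacy:lookup", {}),
    ]:
        print(call[0], "->", gate_call(*call))
```

The gate is meant to run on every call the generic mcp tool makes, before the request leaves the adapter; the `needs_approval` flag tells the caller to stop and ask rather than proceed. The recent-orders query that finding 4 mentions passes as read-only on the `orders` table alone, but the moment it joins `customers` the same query is held for approval.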

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings
Medium severity, 92% confidence

Finding: The README explicitly demonstrates a database query capability but does not pair it with a prominent warning about sensitive data exposure, least-privilege access, or the risk of executing arbitrary SQL through agent-driven tool use. In the context of an MCP integration plugin that exposes external tools to AI agents, this can normalize unsafe deployment patterns and increase the chance that operators connect high-risk data sources without proper safeguards.

Missing User Warnings
Medium severity, 89% confidence

Finding: The documentation presents a generic `mcp` tool that can enumerate and invoke external server tools, including examples such as `database:query`, without any safety note that these calls may trigger real external actions, access sensitive systems, or modify data. In an agent setting, this omission can normalize unsafe autonomous tool use and increase the chance that users or downstream agents invoke impactful operations without confirmation or guardrails.

Missing User Warnings
Medium severity, 84% confidence

Finding: The example explicitly advertises a `database:query` capability but provides no warning about handling sensitive data, restricting dangerous queries, or separating read-only from write access. Because this skill is specifically designed to let agents discover and execute external tools, showcasing database access without safety context materially raises the risk of overbroad data access or destructive operations.

Missing User Warnings
Medium severity, 89% confidence

Finding: The documentation includes a direct database query example that retrieves recent orders and shows customer names and purchase data, but provides no warning about authorization, minimization, or handling of sensitive business/customer information. In an MCP integration skill, examples strongly influence agent behavior, so this can normalize broad data access and lead users or downstream agents to expose real production data without appropriate safeguards.

Missing User Warnings
Medium severity, 96% confidence

Finding: The troubleshooting guide instructs users to generate and share a diagnostic report that includes system details, plugin paths, configuration content, and recent logs, but only briefly mentions redacting secrets in a later support checklist. That creates a realistic risk of users disclosing sensitive local configuration, tokens embedded in config, internal hostnames, or other environment data to third parties when seeking support.
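The last finding is about what leaves the machine when a user pastes a diagnostic report into a support ticket. As an added example (not part of mcp-adapter or its troubleshooting guide), this Python redactor scrubs the categories the finding names before the report is shared: credentials embedded in configuration, bearer tokens in logs, internal hostnames, private addresses and home-directory paths, and it counts its hits so the user can see that the report was actually touched. The rule names, the placeholders and the sample config and log text are constructed for the example; the token shapes are the publicly documented GitHub, AWS and JWT formats, and the pattern list should be extended for whatever the user's own servers issue.

```python
import re
from collections import Counter

# Ordered redaction rules: (label, pattern, replacement). Specific token
# shapes run before the generic key=value rule so each secret is counted
# once; the generic rule skips values that are already placeholders.
RULES = [
    ("userinfo", re.compile(r"(https?://)[^\s/@]+:[^\s/@]+@"), r"\1<redacted:userinfo>@"),
    ("bearer", re.compile(r"(authorization:\s*bearer\s+)\S+", re.I), r"\1<redacted:bearer>"),
    ("github-token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), "<redacted:github-token>"),
    ("aws-access-key", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "<redacted:aws-access-key>"),
    ("jwt", re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"), "<redacted:jwt>"),
    ("secret-value", re.compile(
        r"\b([A-Z0-9_-]*(?:token|secret|passw(?:or)?d|api[_-]?key|private[_-]?key|credential)s?[A-Z0-9_-]*)"
        r'("?\s*[=:]\s*"?)(?!<redacted)([^"\s,}]+)', re.I),
        r"\1\2<redacted:secret-value>"),
    ("private-ip", re.compile(
        r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|"
        r"172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b"), "<redacted:private-ip>"),
    ("internal-host", re.compile(
        r"\b(?:[a-z0-9-]+\.)+(?:internal|corp|intranet|lan)(?:\.[a-z0-9-]+)*\b", re.I),
        "<redacted:internal-host>"),
    ("home-path", re.compile(r"(/home/|/Users/|[A-Za-z]:\\Users\\)([^/\\\s]+)"), r"\1<user>"),
]


def redact(text: str) -> tuple[str, Counter]:
    """Apply every rule in order; return the scrubbed text and hit counts."""
    counts: Counter = Counter()
    for label, pattern, replacement in RULES:
        text, n = pattern.subn(replacement, text)
        if n:
            counts[label] += n
    return text, counts


def diagnostic_report(sections: dict[str, str]) -> tuple[str, Counter]:
    """Assemble a shareable report from named sections (system, paths,
    config, logs), redacting each and appending a redaction summary."""
    parts, total = [], Counter()
    for title, body in sections.items():
        clean, counts = redact(body)
        total.update(counts)
        parts.append(f"## {title}\n{clean.rstrip()}\n")
    summary = ", ".join(f"{k}={v}" for k, v in sorted(total.items())) or "none"
    parts.append(f"## redactions\n{summary}\n")
    return "\n".join(parts), total


# Constructed sample input for the example; not a real configuration or log.
SAMPLE_CONFIG = """\
[servers.database]
url = "https://dbadmin:Sup3rS3cret@db-mcp.corp.example.internal:8443"
api_key = "ghp_0123456789abcdefghijABCDEFGHIJ012345"
db_password = "hunter2"
[servers.docs]
url = "http://10.20.30.40:8080"
DOCS_TOKEN=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ4In0.c2lnbmF0dXJl
"""

SAMPLE_LOG = """\
2024-05-01T10:00:01Z INFO loaded config from /home/alice/.config/mcp-adapter/config.toml
2024-05-01T10:00:02Z DEBUG Authorization: Bearer s3cr3t-opaque-token
2024-05-01T10:00:03Z DEBUG using credential AKIAIOSFODNN7EXAMPLE for export
2024-05-01T10:00:04Z WARN connect timeout to build-agent-07.intranet.example (192.168.4.12)
"""

if __name__ == "__main__":
    report, counts = diagnostic_report({"config": SAMPLE_CONFIG, "logs": SAMPLE_LOG})
    print(report)
```

Run the redactor as the last step of report generation, never as an optional afterthought in a checklist, and keep the summary line in the shared output: a report that says "redactions: none" on a machine with configured servers is itself a signal that the patterns missed something and the text needs a manual look before it is posted.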

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal