Mcp Integration

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent MCP connector, but it gives agents broad access to configured external tools, including database/API actions, without built-in per-tool approval controls.

Install only if you trust every MCP server you configure and understand what each exposed tool can do. Prefer local or authenticated HTTPS servers, use read-only and least-privilege credentials, disable this tool for public or untrusted agents, and require human approval outside the plugin for database writes, account changes, publishing, deletion, or administrative actions. Redact logs and config carefully before sharing diagnostics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The README explicitly demonstrates exposing a database query capability through the generic `mcp` tool and shows raw SQL being issued by an AI agent, but it does not warn that such tools can expose sensitive data or perform destructive actions. In this skill context, the plugin is designed to bridge agents to arbitrary external tools, so normalizing direct database access without strong safety guidance increases the likelihood of unsafe deployment and prompt-driven data exfiltration or modification.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The description presents MCP integration as a generic way to access external tools and data sources but omits a clear user warning that requests and derived context may be sent to third-party MCP servers. In this skill's context, that omission is more dangerous because the whole purpose is dynamic discovery and execution of external tools, making accidental data exfiltration, privacy violations, or compliance issues more likely.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The documentation presents a single generic `mcp` tool that can enumerate and invoke any connected MCP server tool, including tools that may read sensitive data, modify external systems, or trigger side effects. Because the API reference does not warn that tool execution crosses trust boundaries and may perform arbitrary server-side actions, downstream agent builders may treat these calls as low-risk utility operations and expose them too broadly.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The examples advertise `database:query - Execute SQL queries` as a normal available capability without any caution about sensitive data exposure, destructive statements, or prompt-driven misuse. In an agent integration context, examples strongly shape operator behavior, so normalizing database execution without guardrails increases the chance that agents are granted direct query access or that users assume unrestricted querying is safe.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The troubleshooting guide explicitly instructs users to create and share a diagnostic report containing configuration, logs, versions, and server test output, but only vaguely says to provide a redacted configuration. Logs and config often contain API keys, bearer tokens, internal hostnames, session identifiers, and sensitive operational details, so this guidance can cause accidental data disclosure when shared through GitHub, Discord, or email.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The plugin exposes a generic `mcp` tool that can invoke arbitrary remote MCP server tools directly from agent-controlled parameters without any approval gate, allowlist, or user-facing confirmation. In this skill's context, MCP servers are explicitly meant to bridge to external tools and data sources, so a prompt-influenced or compromised agent could trigger real side effects on connected systems simply by issuing a `call` action.

VirusTotal

64/64 vendors flagged this skill as clean.