ClawHub

uno

Security checks across malware telemetry and agentic risk

Overview

This is a broad remote tool gateway that is disclosed, but it can use persistent credentials, invoke account-linked services, fetch untrusted skill content, and affect ratings without clear user confirmation boundaries.

Install only if you trust MCPMarket as a broker for broad tool calls and account authorization. Require confirmation before posts, purchases, deletions, financial or business changes, downstream OAuth linking, downloads, loading fetched skills, or submitting ratings. Remove ~/.uno/token when finished and separately revoke any linked downstream service access in MCPMarket or the connected service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The skill is presented primarily as a tool search/invocation interface, but it also exposes functionality to fetch full third-party skill content, file lists, ZIP download links, and repository URLs. That broader capability materially expands the trust boundary and can be abused to ingest untrusted prompt/code artifacts from external sources without the manifest clearly foregrounding that supply-chain risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the user to persist a bearer access token on disk in a fixed location, but does not clearly warn that the token is sensitive or discuss the risks of local credential theft, backups, shell history leakage, or multi-user system exposure. Even with restrictive file permissions, local disk storage increases the attack surface for token compromise and unauthorized API use.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal