mofang-records

Security checks across malware telemetry and agentic risk

Overview

This skill is an openly described CLI for managing Mofang records and BPM workflows. Its actions are powerful, which fits that purpose, but they require careful confirmation and credential handling.

Install this only if you want an agent to manage Magicflu/Mofang records and BPM tasks. Use a dedicated least-privilege account, keep the password in a secure environment/secret store rather than a shared .env file, and require explicit review of record IDs, task IDs, targets, and consequences before delete, complete, delegate, claim, jump, or transaction operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: High
Confidence: 73%
Finding
This handler exposes powerful workflow jump operations that can abort, roll back, or recover tasks, and it can automatically derive jump targets from BPMN XML. In the context of a general-purpose agent skill, these are high-risk state-changing actions that can materially alter approval flows or terminate business processes if invoked through ambiguous, mistaken, or prompt-influenced requests, especially since the module adds convenience logic that lowers the barrier to dangerous execution.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The delete handler performs an irreversible record deletion immediately from provided parameters, with no built-in confirmation, dry-run mode, safeguard token, or explicit user acknowledgement path. In a high-privilege CRUD skill for business records, this increases the chance of accidental or prompt-induced destructive actions, especially when an agent may misinterpret user intent or operate on the wrong record/form/space.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The manifest explicitly asks users to provide a PASSWORD secret but gives no guidance on secure handling, storage, masking, or safer alternatives such as token-based authentication. In a skill that also requests shell/terminal/exec permissions and performs install/activate hooks, collecting raw credentials increases the risk of accidental exposure through logs, environment dumps, command history, or downstream tooling.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
Claiming a group BPM task is a state-changing workflow action that can alter ownership and affect who is authorized to act next, but the tool description omits the same explicit confirmation guidance present on other write operations. In an agent setting, inconsistent safety prompts increase the chance of accidental task takeover or premature workflow manipulation without clear user consent.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding
Closing a BPM transaction changes workflow state and may finalize or release an in-progress transactional operation, yet the description lacks any user-facing warning or confirmation requirement. In this skill context, transaction operations are tied to approvals/process changes, so an agent could close the wrong transaction or do so prematurely, disrupting business workflow integrity.
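The five findings above share one remedy: guarded actions should default to a dry run, execute only with a confirmation token that the agent cannot mint itself, and credentials should come from the process environment and be masked in logs. The example below is added here to show that gate in Python; it is not code from the mofang-records skill. The `MOFANG_PASSWORD` variable name, the `fake_backend` stand-in for the Mofang/BPM API, the approver secret and the record IDs are all constructed for the illustration.

```python
import hashlib
import hmac
import logging
import os
from dataclasses import dataclass, field
from typing import Callable, Optional

# Operations the findings above describe as irreversible or workflow-state-changing.
GUARDED_ACTIONS = {"delete", "complete", "delegate", "claim", "jump", "close_transaction"}


class ConfirmationRequired(Exception):
    """A guarded action was attempted without a valid approver token."""


def confirmation_token(action: str, target: str, approver_secret: bytes) -> str:
    """Token bound to one (action, target) pair. The secret belongs to the human
    approval step, not the agent, so the agent cannot mint tokens, and a token
    for record-42 is useless against record-43."""
    msg = f"{action}:{target}".encode()
    return hmac.new(approver_secret, msg, hashlib.sha256).hexdigest()[:16]


def load_password(env_var: str = "MOFANG_PASSWORD") -> str:
    """Read the password from the process environment (injected by a secret store
    at launch) instead of a shared .env file. The variable name is an assumption."""
    value = os.environ.get(env_var)
    if not value:
        raise RuntimeError(f"{env_var} is not set; inject it from a secret store")
    return value


class RedactSecrets(logging.Filter):
    """Masks known secret values in every record that passes through the logger."""

    def __init__(self, secrets):
        super().__init__()
        self.secrets = [s for s in secrets if s]

    def filter(self, record: logging.LogRecord) -> bool:
        text = record.getMessage()
        for s in self.secrets:
            text = text.replace(s, "***")
        record.msg, record.args = text, ()
        return True


@dataclass
class ActionGate:
    """Guarded actions return a dry-run plan by default and need a token to execute."""
    approver_secret: bytes
    backend: Callable[[str, str], dict]
    dry_run: bool = True
    audit: list = field(default_factory=list)

    def run(self, action: str, target: str, confirm: Optional[str] = None) -> dict:
        if action not in GUARDED_ACTIONS:
            return self.backend(action, target)
        if self.dry_run:
            plan = {"status": "planned", "action": action, "target": target}
            self.audit.append(plan)
            return plan
        expected = confirmation_token(action, target, self.approver_secret)
        if confirm is None or not hmac.compare_digest(confirm, expected):
            self.audit.append({"status": "rejected", "action": action, "target": target})
            raise ConfirmationRequired(f"{action} on {target} needs an approver token")
        result = self.backend(action, target)
        self.audit.append({"status": "executed", "action": action, "target": target})
        return result


def fake_backend(action: str, target: str) -> dict:
    """Constructed stand-in for the Mofang/BPM API; it only echoes the call."""
    return {"status": "ok", "action": action, "target": target}


def demo() -> dict:
    """Dry-run plan, rejected guess, approved call, token reuse on another record,
    and a log record with the password masked."""
    approver_secret = b"held-by-the-approval-ui"  # constructed; never handed to the agent
    gate = ActionGate(approver_secret=approver_secret, backend=fake_backend)
    plan = gate.run("delete", "record-42")         # dry_run: nothing is deleted
    gate.dry_run = False

    def attempt(target: str, token: str) -> str:
        try:
            gate.run("delete", target, confirm=token)
            return "executed"
        except ConfirmationRequired:
            return "rejected"

    guess = attempt("record-42", "0000000000000000")
    token = confirmation_token("delete", "record-42", approver_secret)  # issued by a human
    approved = attempt("record-42", token)
    reused = attempt("record-43", token)           # same token, different record

    password = "s3cret-pw"                         # constructed; real code calls load_password()
    record = logging.LogRecord("mofang", logging.INFO, "mofang_example.py", 0,
                               "login user=svc-bot password=%s", (password,), None)
    RedactSecrets([password]).filter(record)       # what a logger-level filter would do
    return {"plan": plan["status"], "guess": guess, "approved": approved,
            "reused": reused, "log": record.getMessage()}
```

`demo()` returns the observed outcomes: the dry-run plan, the rejected guess, the approved call, the rejected reuse of the record-42 token against record-43, and the log line with the password masked. The gate only helps if the approver secret stays with the human approval step; if it is handed to the agent alongside the password, the token degenerates into a flag the agent can set itself.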

VirusTotal

All 63 VirusTotal vendors reported this skill as clean (0/63 detections). That verdict covers malware telemetry only; it says nothing about the agentic-risk findings above, which concern how the skill behaves when it is used as intended.
