huodongyuan

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Wekan board-management helper, but it can change board data using the Wekan account or token you provide.

Install this only if you want an agent to manage a specific Wekan instance. Use a least-privileged or agent-specific Wekan account, avoid admin tokens unless necessary, treat login output and WEKAN_TOKEN as sensitive, and confirm create, edit, archive, or delete-related actions before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The reference expands the skill’s apparent capabilities beyond the stated board-management scope by documenting login/token acquisition and admin-level user listing. In an agent setting, this increases the chance the agent will attempt identity discovery or credentialed operations that are broader than the user reasonably expects, enabling privilege misuse or unauthorized account enumeration if the backing environment permits it.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The documentation advertises delete functionality despite the manifest saying the skill is for creating, moving, and archiving board content. Even without concrete delete examples, surfacing destructive operations broadens the action space and can lead an autonomous agent to perform irreversible actions that exceed user expectations and the declared contract.

Vague Triggers

Medium
Confidence: 89%
Finding
The skill description includes broad routing language such as using it for 'anything Trello-like,' which can cause the agent to invoke this skill for ambiguous task-management requests beyond the user's intent. Because the skill enables state-changing operations against a live Wekan instance, overbroad invocation increases the chance of unauthorized or unintended board, list, or card modifications.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation exposes destructive operations like archiving cards but does not warn that these actions modify persistent data or recommend confirmation before execution. In this context, the tool operates with an authenticated token against a real collaboration system, so a mistaken invocation or misunderstood user request could silently remove active work items from normal workflows.

VirusTotal

66/66 vendors flagged this skill as clean.
