SatGate

Security checks across malware telemetry and agentic risk

Overview

SatGate appears legitimate for managing API gateway tokens and budgets, but it needs review because it installs an unpinned remote binary and stores powerful tokens locally with limited warning.

Install only if you trust the SatGate GitHub release source and understand that this skill can manage real gateway access, budgets, and token revocation. Prefer a pinned and checksum-verified release, use a user-owned install directory when possible, protect ~/.satgate/config.yaml as a secret, use least-privilege or short-lived tokens, and run satgate status before minting or revoking anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
81% confidence
Finding
The skill description presents the tool as a management CLI, but the detected behavior includes downloading/installing binaries, writing tokens to local config, and performing connectivity checks. That mismatch can mislead users about what the skill will do on their system and with their credentials, increasing the risk of unintended installation, secret persistence, and network exposure in a security-sensitive admin tool.

Missing User Warnings

Low
Confidence
93% confidence
Finding
The documentation instructs users to export highly sensitive admin and bearer tokens but does not warn against shell history leakage, process/environment exposure, insecure config storage, or accidental sharing. In this context, the tool manages an API gateway and token revocation/minting, so exposed secrets could allow unauthorized budget changes, token minting, or service disruption.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script interactively collects a session token or admin token and writes it directly into ~/.satgate/config.yaml without masking input, warning the user, or offering a safer storage mechanism. In a security-sensitive CLI that manages API budgets and agent revocation, plaintext credential storage increases the risk of credential theft from backups, local compromise, shoulder-surfing, or accidental disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The installer runs the freshly downloaded binary immediately after installation, which creates an unnecessary code-execution step during install. Even though the script attempts checksum verification, verification is explicitly skipped in several cases (missing SHA256SUMS, missing hash tool, missing entry in SHA256SUMS), so a compromised or substituted binary could be executed right away without giving the user a chance to inspect or opt out.

VirusTotal

65/65 vendors flagged this skill as clean.
