
Security audit

Maverick Pandadoc Mcp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed PandaDoc integration helper, with expected OAuth credential handling but some local token-hardening caveats.

Install only if you expect Maverick-provisioned PandaDoc OAuth credentials to be available. Treat the skill as able to access PandaDoc business data and potentially affect customer-visible document workflows; use a dedicated account where possible, confirm writes, and keep the ~/.mcporter credential vault protected on shared machines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding: The skill is presented as a PandaDoc integration helper, but its documented behavior includes credential seeding, local vault mutation, marker-file management, and generic MCP launcher behavior that are broader and more sensitive than the declared purpose. This mismatch can cause operators or downstream agents to invoke the skill under the assumption that it is read-oriented PandaDoc context, when it may also modify shared local authentication state and affect other MCP integrations.

Credential Access

Severity: High
Category: Privilege Escalation
Content:
# Resolve the OAuth client id and access token by indirect expansion: the
# variables named in ${mcp_client_id_var} and ${mcp_access_var} must be set,
# otherwise the ":?" check aborts the script.
mcp_client_id="${!mcp_client_id_var:?${mcp_client_id_var} required}"
mcp_access="${!mcp_access_var:?${mcp_access_var} required}"

# Local credential vault under ~/.mcporter, shared with other MCP integrations.
mcp_vault="${HOME}/.mcporter/credentials.json"
# Compact JSON descriptor for this server entry (name, URL, no local command).
mcp_descriptor=$(jq -cn --arg n "${mcp_server}" --arg u "${mcp_url}" \
  '{name:$n, url:$u, command:null}')
# Truncated SHA-256 of the descriptor, derived as a short identifier for the entry.
mcp_hash=$(printf '%s' "${mcp_descriptor}" | shasum -a 256 | cut -c1-16)
Confidence: 81%
Finding: credentials.json

VirusTotal

VirusTotal findings are pending for this skill version.
