ClawHub

crawl requirement from confluence

Security checks across malware telemetry and agentic risk

Overview

This is a plausible Confluence export skill, but it asks for raw login cookies and can automatically delete prior workspace outputs, so users should review it before use.

Install or run only if you are authorized to export the selected Confluence space or page tree. Prefer a scoped Confluence API token or platform-managed authentication instead of pasting session cookies, avoid sending private page HTML to online converters, and change the cleanup and ZIP steps so they only touch the current export directory after your explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is described as a Confluence reader/exporter, but it includes automatic deletion of prior ZIP files and output directories when storage thresholds are exceeded. That is destructive behavior outside the core read/export scope, and it can cause unintended data loss of previous exports or unrelated archived work in the workspace without explicit user approval.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill instructs the user to extract and provide raw Confluence authentication cookies, then reuses them directly for authenticated requests. Handling session cookies in plaintext unnecessarily exposes bearer credentials that could be reused to access private resources beyond the immediate task if logged, retained, or exfiltrated.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill recommends installing external packages globally and even suggests sending page HTML to an online HTML-to-Markdown API. This expands the trust boundary unnecessarily: package installation introduces supply-chain risk, and online conversion can leak potentially sensitive Confluence contents to third parties.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill documents destructive cleanup that automatically deletes files once size thresholds are crossed, but it does not require user warning or confirmation. In practice this creates a silent data-destruction path, especially because it targets previous output directories and ZIP archives that may still be needed.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill asks the user to paste full authentication cookies without warning them that these are reusable session secrets. This omission materially increases the chance of credential exposure through chat logs, transcripts, debugging output, or downstream tool invocation.

Ssd 3

High
Confidence
99% confidence
Finding
The skill explicitly directs the model to solicit and reuse the user's full Confluence cookies to access private attachments. Session cookies are bearer tokens; once obtained, they can enable broad account access and are often valid beyond the specific export task, making this a serious credential-handling anti-pattern.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal