OfficeX

Security checks across malware telemetry and agentic risk

Overview

OfficeX is a coherent API guide, but it teaches agents and app developers to handle billing/admin credentials and prompt-visible secrets in ways that need careful review.

Install only if you need a broad OfficeX API reference and can enforce strict safeguards. Do not put raw API keys, install secrets, master keys, or admin secrets in agent-visible context; prefer backend-held secrets or short-lived scoped tokens; require explicit human approval for billing, payout, deletion, wallet, key-rotation, and admin actions; and avoid using URL parameters for production secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

High
Confidence: 99%
Finding
The skill explicitly says to never expose install_secret to users, yet its iframe flow passes that secret in URL parameters and stores it client-side. URL parameters leak through browser history, logs, referrers, screenshots, and potentially third-party resources, making compromise of billing credentials much more likely.

Missing User Warnings

High
Confidence: 95%
Finding
The skill normalizes retrieval and later use of third-party app secrets from agent_context without a prominent warning that those values may be sensitive credentials. In an AI-agent setting, encouraging credential handling inside prompt-accessible context materially increases the risk of accidental disclosure, misuse, or onward transmission to external tools.

Missing User Warnings

High
Confidence: 99%
Finding
Documenting install secrets in iframe URL parameters without a strong warning understates a serious leakage risk. Secrets in query strings are commonly exposed via browser history, reverse proxies, analytics, referrer headers, and support artifacts, which can let an attacker use billing-scoped credentials.

Ssd 3

High
Confidence: 97%
Finding
The guidance encourages treating third-party app secrets as retrievable and reusable by the agent, which expands the trust boundary to prompt context and any downstream tools the agent may invoke. In this environment, that materially raises the likelihood of credential exfiltration, cross-app misuse, and unauthorized API actions performed on behalf of users.

Ssd 3

High
Confidence: 98%
Finding
The webhook and context model explicitly instructs developers to store raw credentials like api_key and workspace identifiers in agent_context and inject them into the AI agent prompt. Prompt-available credentials can be exposed through model output, prompt injection, tool misuse, logging, or debugging flows, turning normal app integration into a high-risk secret management pattern.

Ssd 3

High
Confidence: 98%
Finding
The manual post-install flow tells apps to collect user-supplied API keys or tokens and make them available to the AI agent. That design invites users to hand sensitive third-party credentials to a system that may relay them through prompts and tools, substantially increasing risk of compromise and unauthorized downstream actions.
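The four findings above all describe the same pattern: raw credentials placed in agent_context and therefore visible to the model and to every tool it calls. The following added example (not OfficeX code) shows one way to apply the overview's safeguards instead: credential-shaped values are swapped for opaque handles before the context is serialized into a prompt, the real values live only in a server-side vault that the tool executor consults at call time, and actions in the billing, payout, deletion, wallet, key-rotation and admin families are blocked unless an explicit human approval record matches that exact call. The context shape, the key names treated as secrets, the action-name scheme and the approval record format are assumptions for illustration.

```javascript
// Added example, not OfficeX code. The key names, action-name scheme and
// approval record shape are assumptions for illustration.

// Keys whose string values are treated as credentials and never reach the prompt.
const SECRET_KEYS = /^(api_key|install_secret|master_key|admin_secret|token|secret|password)$/i;
// Action families that require a matching human approval before execution.
const APPROVAL_REQUIRED = /^(billing|payout|delete|wallet|rotate_key|admin)[:.]/;

// Server-side vault: opaque handle -> real credential. Never serialized into a prompt.
class CredentialVault {
  constructor() { this.store = new Map(); this.counter = 0; }
  put(value) {
    const handle = `cred_ref_${++this.counter}`;
    this.store.set(handle, value);
    return handle;
  }
  get(handle) { return this.store.get(handle); }
}

// Walk agent_context recursively and replace credential values with handles.
// Everything else (workspace ids, app names, nested arrays) is preserved as-is.
function redactForPrompt(context, vault) {
  if (Array.isArray(context)) return context.map((v) => redactForPrompt(v, vault));
  if (context && typeof context === "object") {
    const out = {};
    for (const [k, v] of Object.entries(context)) {
      out[k] = SECRET_KEYS.test(k) && typeof v === "string"
        ? vault.put(v)                       // prompt sees cred_ref_N, not the key
        : redactForPrompt(v, vault);
    }
    return out;
  }
  return context;
}

// Tool executor: the only place handles are resolved. Sensitive actions are
// refused unless an approval record names this exact call id and action.
function executeToolCall(call, vault, approvals = []) {
  if (APPROVAL_REQUIRED.test(call.action)) {
    const approved = approvals.some((a) => a.action === call.action && a.callId === call.id);
    if (!approved) return { status: "blocked", reason: "human_approval_required" };
  }
  const resolved = {};
  for (const [k, v] of Object.entries(call.args)) {
    if (typeof v === "string" && v.startsWith("cred_ref_")) {
      const real = vault.get(v);
      if (real === undefined) return { status: "blocked", reason: "unknown_credential_handle" };
      resolved[k] = real;                    // used by the backend API client only
    } else {
      resolved[k] = v;
    }
  }
  // `resolved` would be passed to the backend client here; it is never echoed to the model.
  return { status: "executed", action: call.action, argKeys: Object.keys(resolved) };
}
```

The approval check is keyed on the call id as well as the action so that one approval cannot be replayed against a later call the model constructs with different arguments; the vault lookup failing closed on an unknown handle means a prompt-injected or hallucinated reference cannot be turned into a real credential.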

VirusTotal

All 66 vendors rated this skill as clean (0/66 detections). A clean antivirus result does not address the credential-handling findings above, which are design issues in the guidance rather than malicious code.
