v2ex-monitor

Security checks across malware telemetry and agentic risk

Overview

This V2EX monitoring skill appears purpose-aligned, but it handles the user’s API key and account data with weak protections that need review before use.

Review or patch this skill before using a real V2EX API key. Restore normal TLS verification, avoid using it on shared machines, protect or delete v2ex_monitor_config.json, connect the MCP server only to trusted agents, and use daemon/scheduled monitoring only when you intentionally want ongoing polling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
Although the session is configured with certificate verification enabled, the actual urllib3 request paths used by the monitoring functions create a TLS context with hostname checking disabled and certificate verification set to CERT_NONE. This allows man-in-the-middle interception of API traffic, exposing the bearer API key and enabling tampering with fetched topics or notifications.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill asks users to provide a V2EX API key and retrieves account notification data, but it does not clearly warn that these credentials and private account data will be transmitted to V2EX and may be stored or surfaced in local reports. This can lead users to expose sensitive account information without informed consent, especially in shared agent environments or when logs/config files are retained.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill performs authenticated requests using the user's API key and exposes tools that retrieve personal account information and notifications, but it provides no user-facing disclosure, consent gating, or scoping. In an agent context, this increases the risk of unintended privacy exposure because an upstream assistant could invoke these tools and access sensitive personal data without the user clearly understanding what will be fetched.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The configuration tool stores the user's API key in a local JSON file in plaintext without warning, permission hardening, or use of a secure secret store. If the local filesystem is readable by other users, processes, backups, or malware, the credential can be stolen and reused to access the user's V2EX account data through the API.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The tool persists the V2EX API key in a local JSON file in the script directory without any warning, permission hardening, or use of a secret store. On multi-user systems, shared workspaces, backups, or accidental source-control inclusion, this can expose long-lived credentials and grant unauthorized API access.

Unpinned Dependencies

Low
Category
Supply Chain
Content
urllib3
mcp
pydantic
requests
Confidence
95% confidence
Finding
urllib3

Unpinned Dependencies

Low
Category
Supply Chain
Content
urllib3
mcp
pydantic
requests
Confidence
95% confidence
Finding
mcp

Unpinned Dependencies

Low
Category
Supply Chain
Content
urllib3
mcp
pydantic
requests
Confidence
94% confidence
Finding
pydantic

Unpinned Dependencies

Low
Category
Supply Chain
Content
urllib3
mcp
pydantic
requests
Confidence
95% confidence
Finding
requests

Known Vulnerable Dependency: urllib3 — 10 advisory(ies): CVE-2025-66471 (urllib3 streaming API improperly handles highly compressed data); CVE-2024-37891 (urllib3's Proxy-Authorization request header isn't stripped during cross-origin ); CVE-2026-21441 (Decompression-bomb safeguards bypassed when following HTTP redirects (streaming ) +7 more

High
Category
Supply Chain
Confidence
89% confidence
Finding
urllib3

Known Vulnerable Dependency: mcp — 3 advisory(ies): CVE-2025-53366 (MCP Python SDK vulnerability in the FastMCP Server causes validation error, lead); CVE-2025-66416 (Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection); CVE-2025-53365 (MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to )

High
Category
Supply Chain
Confidence
84% confidence
Finding
mcp

Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
82% confidence
Finding
pydantic

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
requests

VirusTotal

60/60 vendors flagged this skill as clean.
