Mingdata Dmp Auth

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real Mingdata DMP credential/API helper, but it handles long-lived credentials in ways users should review before installing.

Install only if you trust the publisher and need a Mingdata DMP API gateway. Prefer environment variables over the save-credentials command, avoid passing secrets on the command line, keep any credential file out of shared workspaces and backups, manually set restrictive file permissions, and assume command output or request URLs may reveal credential identifiers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium (91% confidence)
Finding
The documentation contradicts itself on credential storage location and management, referencing both ~/.mingdata_dmp_credentials and ~/.mingdata_credentials/workspace paths. For security-sensitive data like AK/SK, inconsistent storage guidance can cause users or dependent skills to write secrets to the wrong place, skip permission hardening, or leave stale credentials behind in less protected files.

Intent-Code Divergence

Medium (90% confidence)
Finding
The skill describes two conflicting credential management interfaces: an interactive setup_credentials.py flow and a save-credentials CLI on minri_dmp_api.py. This inconsistency can lead users or automation to invoke the wrong interface, mishandle secrets on the command line, or assume protections exist that are not actually implemented.

Context-Inappropriate Capability

Medium (97% confidence)
Finding
The test_credentials() routine prints the full Access Key to stdout. In agent/runtime environments, stdout is often captured in logs, transcripts, CI output, or observability systems, causing credential exposure beyond the intended operator and violating least-exposure principles.

Missing User Warnings

Medium (97% confidence)
Finding
The documentation explicitly places accessKey in the request URL query string but does not warn that URLs are commonly logged by clients, proxies, gateways, shell history, monitoring tools, and server access logs. Even if the secret key is not sent directly, exposing an identifier credential in URLs increases credential leakage risk and makes operational auditing harder.

Missing User Warnings

Medium (90% confidence)
Finding
The code persists long-lived AK/SK secrets to disk in JSON without warning the user and without setting restrictive file permissions. On multi-user systems or shared workspaces, this increases the chance of local secret disclosure through permissive defaults, backups, or accidental inclusion in artifacts.

VirusTotal

65/65 vendors flagged this skill as clean.
