Pipelinegate

Security checks across malware telemetry and agentic risk

Overview

PipelineGate is a disclosed local pipeline API with a bounded environment-readiness check that should be kept local and used only with trusted callers.

Install this only if you intend to run a local pipeline service. Keep the uvicorn server bound to localhost, do not expose it publicly, and only use check-env with variable names you are comfortable revealing as present or missing. Confirm the Green Helix modules imported by the executor are provided by a trusted runtime.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises no declared permissions, yet its documented capabilities include environment inspection via the `check-env` tool. That creates a transparency and policy gap: users or orchestrators may invoke a skill that can access sensitive host context without an explicit permission declaration, increasing the chance of unintended secret or system metadata exposure.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The check-env step inspects host environment variables and installed binaries, which exposes execution-environment metadata to pipeline users. In an orchestration skill this may be operationally useful, but without explicit scope controls, disclosure, or allowlisting it can aid reconnaissance by revealing available secrets names and system tooling.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code reads environment variables from the host process and reports which requested names are present. Even though it does not disclose values, confirming the existence of variables can leak sensitive configuration details and assist targeted follow-on attacks, especially in a multi-step pipeline tool that can be driven by untrusted inputs.

VirusTotal

67/67 vendors flagged this skill as clean.
