Fellow Aiden Precision Coffee Maker

Security checks across malware telemetry and agentic risk

Overview

This skill is an openly disclosed Fellow Aiden coffee brewer integration that uses Fellow account credentials for the API calls its purpose requires. The review found documentation and packaging rough edges but no artifact-backed evidence of malicious behavior.

Install it only if you are comfortable giving this skill your Fellow account email and password. Supply the password through a secret-management mechanism where possible rather than a plain environment variable; keep it out of shared shell profiles, command history, and logs; and note that several of the profile and schedule management commands advertised in the README are not implemented in the reviewed script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill requires sensitive environment variables (FELLOW_EMAIL and FELLOW_PASSWORD) and performs authenticated network operations, but declares no corresponding permissions. This is a transparency and trust problem: users and platforms may not realize the skill reads credentials and talks to an external service, which raises the chance of unintended secret exposure or overly broad execution in environments that rely on declared permissions to scope what a skill may do.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The README advertises destructive and automation-capable actions such as deleting profiles and managing automated brew schedules, but gives no warning that these operations modify persistent device state and can trigger future brewer behavior. In an AI-agent context, that omission makes it more likely that a user enables high-impact actions without understanding that profile data may be lost or that scheduled brews could be created unintentionally.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The README instructs users to place Fellow account credentials in environment variables without any guidance on secret handling, least privilege, or avoiding accidental exposure through shell history, logs, process inspection (for example the process environment), or shared environments. Because these credentials grant control over a connected-appliance account, an exposed secret could allow unauthorized access to brewer data and remote manipulation of schedules and profiles.
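The Overview and this finding both ask for a safer way to hand the skill its password than a bare environment variable. The following is an added example written for this review, not code from the reviewed skill: it shows a loader that prefers a password file the owner alone can read, refuses a file that group or others can access, falls back to FELLOW_PASSWORD with a warning, and keeps the password out of logs and reprs. The FELLOW_PASSWORD_FILE variable name, the `fellow_skill` logger name, and the sample email and password are assumptions made for the example.

```python
"""Credential handling for a Fellow Aiden skill (added example, not the skill's own code).

FELLOW_PASSWORD_FILE is a hypothetical variable name chosen for this example;
the reviewed README only documents FELLOW_EMAIL and FELLOW_PASSWORD.
"""
import logging
import os
import stat
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Optional

log = logging.getLogger("fellow_skill")


class CredentialError(Exception):
    """Raised when credentials are missing or stored unsafely."""


def redact_email(email: str) -> str:
    """Keep enough of the address to identify the account in logs, not the whole thing."""
    local, _, domain = email.partition("@")
    if not domain:
        return "***"
    return f"{local[:1]}***@{domain}"


@dataclass
class FellowCredentials:
    email: str
    password: str = field(repr=False)  # excluded from the generated repr(), so %r in a log line is safe

    def __str__(self) -> str:
        return f"FellowCredentials(email={redact_email(self.email)}, password=***)"


def write_secret_file(path: Path, secret: str) -> None:
    """Create the password file as owner read/write only; O_EXCL refuses to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(secret + "\n")


def read_secret_file(path: Path) -> str:
    """Read the password, refusing a file that group or others can access.

    Checks POSIX permission bits; on Windows the mode bits are not meaningful.
    """
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise CredentialError(f"{path} has mode {oct(mode)}; run 'chmod 600 {path}' first")
    return path.read_text(encoding="utf-8").strip()


def load_credentials(env: Optional[dict] = None) -> FellowCredentials:
    """Resolve FELLOW_EMAIL plus a password from FELLOW_PASSWORD_FILE (preferred) or FELLOW_PASSWORD."""
    env = os.environ if env is None else env
    email = env.get("FELLOW_EMAIL", "").strip()
    if not email:
        raise CredentialError("FELLOW_EMAIL is not set")

    password_file = env.get("FELLOW_PASSWORD_FILE")
    if password_file:
        password = read_secret_file(Path(password_file))
        source = "file"
    else:
        password = env.get("FELLOW_PASSWORD", "")
        source = "environment"
        if password:
            # /proc/<pid>/environ, `ps eww`, crash dumps and every child process can see this value.
            log.warning("FELLOW_PASSWORD taken from the environment; prefer FELLOW_PASSWORD_FILE")
    if not password:
        raise CredentialError("no password: set FELLOW_PASSWORD_FILE or FELLOW_PASSWORD")

    log.info("loaded Fellow credentials for %s from %s", redact_email(email), source)
    return FellowCredentials(email=email, password=password)


def demo() -> dict:
    """Exercise the loader against a constructed 0600 file and a deliberately 0644 copy."""
    results = {}
    account = {"FELLOW_EMAIL": "alice@example.com"}  # constructed sample account
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp) / "fellow_password"
        write_secret_file(good, "hunter2")  # constructed sample password
        creds = load_credentials({**account, "FELLOW_PASSWORD_FILE": str(good)})
        results["password"] = creds.password
        results["shown_as"] = str(creds)
        results["repr_leaks"] = "hunter2" in repr(creds)

        shared = Path(tmp) / "fellow_password_shared"
        write_secret_file(shared, "hunter2")
        os.chmod(shared, 0o644)  # the mistake the finding warns about: a secret others can read
        try:
            load_credentials({**account, "FELLOW_PASSWORD_FILE": str(shared)})
            results["rejected_shared_file"] = False
        except CredentialError:
            results["rejected_shared_file"] = True

        try:
            load_credentials({"FELLOW_PASSWORD": "hunter2"})  # no FELLOW_EMAIL at all
            results["requires_email"] = False
        except CredentialError:
            results["requires_email"] = True
    return results


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(demo())
```

Run it as a script to see the loader accept the 0600 file, reject the 0644 copy, and log only a redacted address. The file-permission check is the part worth keeping even if the skill continues to accept FELLOW_PASSWORD: it turns a silently exposed secret in a shared home directory into a hard error before any API call is made.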

VirusTotal

66 of 66 vendors reported this skill as clean.