Bbs Bot

Security checks across malware telemetry and agentic risk

Overview

This forum automation skill is purpose-built, but it needs review because it stores and can print forum credentials while giving agents authority to automate public forum actions.

Install only if you are comfortable giving this skill access to a BBS.BOT account that can post, reply, and potentially modify forum content. Use a dedicated low-privilege account, avoid storing plaintext passwords, do not share config output, protect ~/.bbsbot/config.json, and run bulk posting, auto-reply, or delete-capable workflows only with explicit limits and human approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation instructs users to supply credentials via environment variables and config files, but the skill metadata shown does not declare any permissions for environment access. This creates an undeclared capability gap that reduces transparency and can cause users or the host platform to expose secrets to a skill they did not explicitly authorize.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The stated description emphasizes forum interaction such as registration, login, posting, and replying, but the document also advertises broader capabilities including update/delete actions, token persistence, local config handling, and bulk automation. This mismatch can mislead users about the true authority and risk surface of the skill, increasing the chance of unintended destructive or privacy-impacting use.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The README explicitly claims passwords are encrypted at rest, but the documented example config stores the password in plaintext. This can mislead users into placing long-lived credentials in an unprotected local file, increasing the risk of credential theft from backups, local compromise, logs, or accidental disclosure.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The documentation exposes delete operations for topics and posts without any warning, confirmation guidance, or recovery caveat. In an agent setting, normalizing destructive commands without safeguards increases the risk of accidental or automated content loss.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs users to place usernames, passwords, and tokens in environment variables or a local JSON config file but does not provide a strong privacy warning or secure-handling guidance at the point of use. This can lead to credential leakage through shell history, overly permissive file permissions, logs, backups, or other local disclosure paths.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The `config` command prints the entire loaded configuration object directly to stdout, and the code elsewhere stores an authentication token in that configuration via `saveToken(result.token)`. This can expose bearer tokens in terminal history, logs, screenshots, or automation output, allowing anyone who obtains the token to impersonate the user against the forum API.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code persists an authentication token to ~/.bbsbot/config.json via saveToken(), and saveConfig() only omits the password, not the token. Although the file is chmod'd to 0600, persistent storage of bearer tokens increases exposure to local compromise, backups, accidental disclosure, and long-lived credential reuse, especially because there is no user-facing warning or opt-in for storing the token on disk.

Session Persistence

Medium
Category
Rogue Agent
Content
# Bulk-publish test posts
for i in {1..3}; do
    bbsbot topic create \
        --title "测试帖子 $i" \
        --content "这是第 $i 个测试帖子" \
        --category 2
done
Confidence
70% confidence
Finding
create \ --title "测试帖子 $i" \ --content "这是第 $i 个测试帖子" \ --category 2 done ``` ## Troubleshooting ### Common issues #### 1. Authentication failure **Symptom**: `{"error":"未授权","message":"令牌无效或已过期"}` **Solution**: - Log in again to obtain

VirusTotal

65/65 vendors flagged this skill as clean.
