AIOZ Pin Toolkit

Security checks across malware telemetry and agentic risk

Overview

This AIOZ Pin skill is mostly coherent, but it needs review because it mishandles credentials and can change account state without strong guardrails.

Review before installing. Use this only if you trust the publisher and are comfortable granting AIOZ Pin credentials. Prefer least-privilege keys, avoid pasting secrets into chat or command arguments, and confirm the exact file path, pin ID, or API key ID before upload, unpin, or delete operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill tells the agent to ask the user for API credentials and set them in the shell environment, expanding the skill from API operation into active secret collection and handling. Collecting secrets through chat increases exposure risk, and placing them into the runtime environment can make them accessible to subprocesses, logs, crash dumps, or other tooling.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
Although the document warns against passing credentials as CLI arguments, it repeatedly instructs users to place raw secrets into shell export commands. This still exposes sensitive material to shell history, screen recording, terminal logs, and user copy/paste mistakes, undermining the stated credential-safety policy.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The example flow explicitly tells the agent to ask the user for credentials and then set them via export commands, which conflicts with the earlier claim that credentials are platform-provided and safely injected. This normalizes collecting secrets in chat and materially increases the chance of credential leakage or mishandling.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs the agent to solicit credentials from the user without any warning that chat is not an appropriate channel for sharing secrets. Users may disclose sensitive API keys in plaintext, creating avoidable exposure in transcripts, logs, or support workflows.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation enables destructive actions such as deleting API keys and unpinning content without requiring confirmation or warning about irreversible operational consequences. An agent following these instructions could remove access or content retention unexpectedly, causing disruption or data-availability issues.

Missing User Warnings

Medium
Confidence: 98%
Finding
The script accepts the pinning API key and secret as positional command-line arguments, which commonly exposes secrets through shell history, process listings, audit logs, and agent telemetry. In an agent skill context this is more dangerous because automation frameworks often log invoked commands or surface arguments to other components, increasing the chance of credential disclosure.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script accepts the pinning API key and secret as positional command-line arguments, which can expose them through shell history, process listings, audit logs, and orchestration tooling. In an agent or multi-user environment, this increases the chance that long-lived credentials are unintentionally disclosed to other local users or logging systems.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script performs a destructive DELETE/unpin operation immediately once invoked, without any user-facing confirmation, dry-run mode, or guardrail beyond required arguments. In an agent skill context, this increases the chance of accidental or unintended data unpinning, which can disrupt availability and be difficult to reverse if content is later garbage-collected or no longer retained elsewhere.

VirusTotal

64/64 vendors flagged this skill as clean.