Bolt Sprint

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Bolt sprint-management helper that can change project data, so it should be used with normal approval and token-scope care.

Install only if you trust the Bolt server configured in BOLT_BASE_URL and are comfortable allowing the agent to manage data there. Use the least-privilege Bolt token available, confirm project, sprint, and story IDs before writes or bulk operations, use dry_run where supported, and avoid uploading files or logging notes/events that contain secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The workflow documents access to audit logs even though that capability is not described in the skill metadata. This expands the apparent privilege and data-access surface beyond user-visible expectations, which can expose sensitive operational history and enable unintended surveillance or data collection.

Description-Behavior Mismatch

Low
Confidence
74% confidence
Finding
The workflow includes sprint-closing operations that are broader and more destructive than the manifest's stated story/Kanban management focus. While plausible for project management, undocumented irreversible actions increase the risk that an agent performs high-impact state changes the user did not expect.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The markdown includes ready-to-run POST and PATCH examples that modify stories, notes, and agent-session events without any warning that these operations change live project data. In an agent setting, examples can be copied or executed directly, increasing the chance of unintended state changes, workflow disruption, or data integrity issues.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This section contains batch modifications and irreversible operations such as bulk story moves, batch patching, and sprint closure without any explicit caution, approval gate, or confirmation pattern. In an agent setting, that creates a real risk of large-scale unintended changes from ambiguous prompts or automation mistakes.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export BOLT_API_TOKEN="your-token-here"         # Optional: only needed if server was started with BOLT_API_TOKEN
```

The base curl pattern for authenticated requests:

```bash
curl -s \
```
Confidence
83% confidence
Finding
curl pattern for authenticated requests:

```bash
curl -s \
  -H "Content-Type: application/json" \
  ${BOLT_API_TOKEN:+-H "x-bolt-token: $BOLT_API_TOKEN"} \
  "$BOLT_BASE_URL/api/v1/..."
```

Check c

VirusTotal

63/63 vendors flagged this skill as clean.
