IONSEC Threat Intel

Security checks across malware telemetry and agentic risk

Overview

This threat-intelligence skill mostly does what it says, but it needs review because it can send sensitive investigation indicators to many external providers, including public URLscan submissions, without clear consent warnings.

Install only if you are comfortable sending queried IOCs to the listed external services. Avoid using `--services all`, bulk mode, or URLscan for confidential/internal/customer indicators unless your organization permits that sharing; prefer environment variables over saved config keys and clear the skill cache after sensitive investigations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 96%
Finding:
The skill advertises and documents capabilities that involve reading environment variables, making network requests to many third-party services, writing files, and invoking shell-style commands, yet no declared permissions are present. This creates a trust and containment gap: users and any permission-enforcement layer are not clearly informed that the skill can access secrets and exfiltrate submitted observables or generated results to external systems.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The class advertises support for "hash" observables via `SUPPORTED_TYPES`, but `_query_hash` explicitly returns an error stating hash lookups are not supported. This is a real implementation flaw because callers may route hash IOCs to this service and get misleading behavior, reduced coverage, or silent workflow degradation during investigations, though it is not a direct code-execution or data-exfiltration issue.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The README prominently advertises enrichment via 14+ external threat intelligence services, but it does not clearly warn users that submitted observables may be disclosed to third parties and could become visible to service operators or retained in external systems. In incident response workflows, observables often include sensitive internal indicators, investigation targets, or unreleased detections, so lack of an explicit privacy/data-sharing warning can lead to unintended information exposure.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding:
The skill encourages submission of IPs, domains, URLs, and hashes to external threat intelligence providers but does not warn users that these observables will be disclosed to third parties. In security investigations, observables may be sensitive or customer-specific, so silent sharing can leak incident details, tip off vendors or monitored services, and create privacy/compliance issues.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The tutorial instructs users to submit IPs, domains, URLs, and hashes to external threat-intelligence providers but does not warn that these observables may be sensitive and will be disclosed to third parties. In an incident-response context, submitting internal, customer, or still-unreported indicators can leak investigative activity, expose proprietary intelligence, or violate privacy and compliance requirements.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The tutorial tells users to place API keys in shell profiles and echo them for verification without warning that these credentials are sensitive or that shell configuration files may be broadly readable, backed up, or exposed through debugging and shared environments. This can lead to accidental credential disclosure, unauthorized API usage, and abuse of paid or rate-limited threat-intelligence accounts.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
This script performs bulk IOC enrichment by sending user-supplied observables to external threat intelligence services, but it does not provide an explicit privacy or data-transmission warning before doing so. In a threat-intel skill, this is contextually expected behavior, but it is still a real security/privacy issue because analysts may unknowingly submit sensitive internal indicators, URLs, domains, or hashes to third parties, causing data leakage and possible exposure of an investigation.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
This base class sends observables such as IPs, domains, URLs, and hashes to third-party threat intelligence services, and may attach API-key-authenticated context, but there is no built-in disclosure, consent gate, or audit signal to warn users that sensitive investigation data is being exfiltrated outside the local environment. In a threat-intel skill, outbound sharing is expected functionality, but it is still security-relevant because observables can contain confidential case data, internal infrastructure indicators, or customer artifacts, making accidental data exposure plausible.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The cache stores queried observables and returned service data in plaintext JSON under a local `.cache` directory without any access control hardening, encryption, or operator warning. Because threat-intel lookups may include sensitive indicators, incident artifacts, or proprietary investigation context, local cache files can become a secondary disclosure point if the host is shared, backed up, or otherwise accessed by unauthorized users.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
This client transmits the queried hash to an external third-party service (Abuse.ch MalwareBazaar) with no consent, warning, or policy enforcement visible in this file. While sending hashes to threat-intelligence providers is expected for this skill’s purpose, hashes can still be sensitive in some environments because they may reveal possession of a specific file, malware sample, or internal artifact to an external party.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
This code sends user-supplied observables such as URLs, domains, and hashes to the external URLhaus service over the network without any disclosure, consent, or policy gating in this file. In a threat-intelligence skill, that behavior is functionally expected, but it still creates a real privacy and data-handling risk because sensitive IOCs from internal investigations may be exposed to a third party.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The code can submit investigator-provided URLs to urlscan.io, which is an external third-party service, and it explicitly requests a public scan. This can disclose sensitive observables, internal URLs, customer data, or active investigation targets outside the local environment without any visible consent, warning, or privacy guardrail; in a threat-intel skill, that risk is heightened because analysts may enrich confidential IOCs during live investigations.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The setup script explicitly collects API keys and persists them to `config.json` in plaintext without warning the user about sensitivity, restricting permissions, or using a secrets store. In a threat-intel skill, these credentials can grant access to paid or reputation-sensitive services, so local disclosure could lead to account abuse, quota exhaustion, or exposure of investigative activity.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
This skill sends user-supplied observables such as IPs, domains, URLs, and hashes to multiple third-party threat-intelligence providers, which can disclose sensitive investigation targets, internal indicators, or customer data. In a threat-intel tool this behavior is expected, but the lack of a clear user-facing warning or explicit consent increases privacy and operational-security risk, especially when querying multiple services by default.

VirusTotal

67/67 vendors flagged this skill as clean.
