burp-mcp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local Burp Suite MCP helper, but it can expose sensitive testing traffic or change Burp settings when those tools are called.

Install only if you intentionally want OpenClaw to interact with your local Burp Suite MCP extension. Keep the SSE URL pointed at localhost, start with read-only history/scanner queries, avoid printing or saving tokens and request bodies unless needed, and require explicit human approval before any set_*, editor, intercept, scanner-control, or other state-changing Burp tool call.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill clearly enables access to a local MCP server and can invoke Burp tools that read HTTP history and modify Burp state, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or platforms may not realize the skill can access sensitive proxy/scanner data or change security tool configuration before it is used.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill encourages calling Burp tools and even lists mutation-capable operations, but it lacks a prominent warning that tool output may contain sensitive HTTP history, tokens, credentials, scanner findings, and project/user settings, or that some tools can alter Burp behavior. In context, this makes accidental data exposure or unintended state changes more likely because agents may treat the skill as routine introspection rather than access to a security-sensitive local service.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script forwards user-provided JSON arguments directly to a configured SSE MCP endpoint and allows the endpoint URL to be overridden from config.json without validation or any confirmation prompt. In this skill's context, that means potentially sensitive workspace, Burp, or operator-supplied data can be transmitted to an unintended local or non-local service if the configuration is changed or the user invokes a risky tool.

VirusTotal

66/66 vendors flagged this skill as clean.
