Onemind Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real OneMind API helper, but it can create accounts and post content or ratings to a live service without strong consent safeguards.

Install only if you want an agent to interact with OneMind on your behalf. Require the agent to show the exact request and payload and get your approval before any signup, join, proposition, or rating action; avoid running the included test script against production unless you are authorized and intend to create live records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The report claims POST /propositions and POST /ratings are working and the skill is production-ready, but the earlier test evidence does not show successful execution for those operations. This can mislead users into trusting unverified write actions against a production backend, increasing the chance of failed operations, unsafe assumptions, or unintended data modification during real use.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill gives step-by-step instructions for joining a chat, creating a participant, and submitting propositions and ratings that modify remote state on OneMind, but it never clearly warns the user that these are write actions. In an agent setting, this can cause unintended account creation, participation, and content submission to a third-party service without informed consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document instructs an agent to perform anonymous signup and subsequent write operations to participants, propositions, and ratings without any user-consent, disclosure, or confirmation requirements. In an agent setting, this can lead to silent account creation and unintended data submission on a user's behalf, creating privacy, integrity, and abuse risks even if the endpoints themselves require valid tokens.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The document includes POST requests targeting a production Supabase instance with authorization headers, but it does not clearly warn that these calls may modify live data. Readers may copy and run the commands against production, causing unintended inserts, policy-triggering writes, or noisy test activity in a real environment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The report documents live write operations including anonymous signup, joining a chat, submitting content, and posting rankings, but provides no warning that using these steps will create accounts and modify real backend data. In an agent-skill context, this is dangerous because consumers may treat the file as safe read-only test documentation and unknowingly trigger side effects against production-like services, causing unauthorized data creation, spam, or contamination of shared state.

External Transmission

Medium
Category
Data Exfiltration
Content
**Step 1: Get Anonymous Token**

```bash
curl -s -X POST "https://ccyuxrtrklgpkzcryzpj.supabase.co/auth/v1/signup" \
  -H "apikey: [ANON_KEY]" \
  -H "Content-Type: application/json" \
  -d '{}'
```
Confidence
89% confidence
Finding
curl -s -X POST "https://ccyuxrtrklgpkzcryzpj.supabase.co/auth/v1/signup" \ -H "apikey: [ANON_KEY]" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
**Step A: Join the chat**

```bash
curl -s -X POST "https://ccyuxrtrklgpkzcryzpj.supabase.co/rest/v1/participants" \
  -H "apikey: [ANON_KEY]" \
  -H "Authorization: Bearer [ACCESS_TOKEN]" \
  -H "Content-Type: application/json" \
```
Confidence
95% confidence
Finding
curl -s -X POST "https://ccyuxrtrklgpkzcryzpj.supabase.co/rest/v1/participants" \ -H "apikey: [ANON_KEY]" \ -H "Authorization: Bearer [ACCESS_TOKEN]" \ -H "Content-Type: application/json" \ -d

VirusTotal

64/64 vendors flagged this skill as clean.