OpenKM Document Management

Security checks across malware telemetry and agentic risk

Overview

This is an openly disclosed OpenKM REST client, but it can read, change, and delete documents using the configured OpenKM account.

Install it only if you want an agent to operate on OpenKM with the full permissions of the configured account. Use a least-privilege OpenKM user, keep OPENKM_PASSWORD out of shared shell profiles and logs, enable OPENKM_DEBUG only for local troubleshooting (it writes request URLs and response excerpts to stderr), and require explicit confirmation before delete, move, restore-version, checkin/upload-version, and workflow task actions are executed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares access to environment variables and uses networked REST operations against a document management system, but it does not declare any explicit permissions or safety boundaries. This increases the chance that an agent or user invokes high-privilege operations without clear authorization expectations, especially since the skill can access sensitive credentials and enterprise documents.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README exposes a broad set of high-impact capabilities across listing, upload/download, deletion, metadata changes, version restoration, search, and workflow actions without defining when these operations are appropriate, who should authorize them, or what safeguards the agent must apply before invoking them. In an agent setting, underspecified invocation scope can lead to over-broad autonomous actions, including unauthorized data access, modification, or deletion in a document management system.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents destructive and data-affecting operations such as upload, move, rename, delete, metadata edits, category changes, and version restore without any warning about confirmation, auditability, rollback expectations, or permission checks. In a document management context, these actions can directly alter records, destroy data, or tamper with business workflows if an agent executes them too freely.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The README requires username and password environment variables and offers a debug mode, but provides no warning about secure storage, exposure through logs, shell history, process inspection, or accidental disclosure by the agent. Because these credentials likely grant direct access to the OpenKM instance, poor handling can result in unauthorized repository access and downstream document compromise.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents destructive actions such as delete, move, rename, and restore without warning about irreversible or operationally disruptive consequences. In a document management context, these actions can remove records, break workflows, or alter audit-sensitive content if triggered accidentally or through prompt-induced misuse.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill requires administrator-style credentials and broad REST access to a document repository but provides no privacy or security warning about handling credentials, document contents, metadata, or search results. This is dangerous because the skill operates over potentially sensitive enterprise data and could expose secrets or regulated content through agent use, logs, or unintended retrieval.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
When debug mode is enabled, the client logs the full request URL and the first 200 characters of every server response body to stderr. OpenKM responses can contain document metadata, search results, workflow data, error details, or other sensitive business information, so this creates an information disclosure risk if logs are collected, shared, or exposed to other users/processes.
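The overview's advice (confirm destructive actions before execution, keep the password out of logs, treat debug output as sensitive) and this finding about debug logging can both be addressed with a small policy layer placed in front of the REST client. The following is an added example written for this page, not code from the skill or from OpenKM: it classifies each request as read-only, destructive, or other write so that destructive calls are blocked until explicitly confirmed, and it produces debug lines that never contain URL credentials, the Authorization header, query parameters, or unredacted response bodies. The REST path patterns (document/delete, document/restoreVersion, workflow/...TaskInstance..., and so on) are assumptions modelled on OpenKM's services/rest layout and should be checked against the actual instance.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit

# Path patterns for the operations the overview says must be confirmed before
# execution. ASSUMPTION: modelled on OpenKM's "services/rest" layout; verify
# against your instance before relying on the labels.
_DESTRUCTIVE = (
    (r"/rest/(document|folder|mail)/delete\b", "delete"),
    (r"/rest/(document|folder|mail)/move\b", "move"),
    (r"/rest/(document|folder|mail)/rename\b", "rename"),
    (r"/rest/document/restoreVersion\b", "restore-version"),
    (r"/rest/document/checkin\b", "checkin/upload-version"),
    (r"/rest/workflow/\w*TaskInstance\w*\b", "workflow task"),
)
_READ_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})
_SECRET_HEADERS = frozenset({"authorization", "proxy-authorization", "cookie"})


@dataclass(frozen=True)
class Decision:
    allowed: bool
    action: str   # "read", "write", or one of the destructive labels above
    reason: str


def classify(method: str, url: str) -> str:
    """Label a request: read-only, a known destructive action, or a generic write."""
    if method.upper() in _READ_METHODS:
        return "read"
    path = urlsplit(url).path
    for pattern, label in _DESTRUCTIVE:
        if re.search(pattern, path):
            return label
    return "write"          # unknown state change: still gated (fail closed)


def authorize(method: str, url: str, confirmed=frozenset()) -> Decision:
    """Allow reads freely; require the action label to be explicitly confirmed otherwise."""
    action = classify(method, url)
    if action == "read":
        return Decision(True, action, "read-only request")
    if action in confirmed:
        return Decision(True, action, "confirmed by operator")
    return Decision(False, action, f"'{action}' requires explicit confirmation")


def redact_url(url: str) -> str:
    """Strip user:password@ and the query string; keep scheme, host, port and path."""
    p = urlsplit(url)
    host = p.hostname or ""
    if p.port:
        host = f"{host}:{p.port}"
    netloc = f"***@{host}" if p.username else host
    return urlunsplit((p.scheme, netloc, p.path, "", ""))


def redact_headers(headers: dict) -> dict:
    return {k: ("***" if k.lower() in _SECRET_HEADERS else v) for k, v in headers.items()}


def redact_body(body: str, secrets=(), limit: int = 200) -> str:
    """Mask known secret values, then truncate (mirrors the client's 200-char excerpt)."""
    for s in secrets:
        if s:
            body = body.replace(s, "***")
    return body[:limit] + ("..." if len(body) > limit else "")


def debug_line(method, url, headers, status, body, level="safe", secrets=()):
    """level: "off" -> nothing; "safe" -> method, redacted URL, status, size;
    "verbose" -> additionally masked headers and a masked body excerpt."""
    if level == "off":
        return None
    line = f"{method.upper()} {redact_url(url)} -> {status} ({len(body)} bytes)"
    if level == "verbose":
        auth = redact_headers(headers).get("Authorization", "-")
        line += f" auth={auth} body={redact_body(body, secrets)!r}"
    return line


if __name__ == "__main__":
    # Constructed sample: an agent tries to delete a document without confirmation.
    url = "https://admin:s3cret@okm.example.com/OpenKM/services/rest/document/delete?docId=abc"
    print(authorize("DELETE", url))
    print(authorize("DELETE", url, confirmed=frozenset({"delete"})))
    print(debug_line("DELETE", url, {"Authorization": "Basic x"}, 200, '{"ok":true}'))
```

Even the "safe" level still reveals which endpoints were called and how large the responses were, which is why the default should be "off" outside local troubleshooting; the "verbose" level reproduces the 200-character excerpt the finding describes and should be treated as containing document metadata.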

VirusTotal

66/66 vendors flagged this skill as clean.
