Phy Openapi Mock Server

Security checks across malware telemetry and agentic risk

Overview

This is a coherent developer helper for running a local OpenAPI mock server, with ordinary npm/Docker and remote-spec cautions but no hidden or destructive behavior.

Install this if you are comfortable letting your agent run Prism through npm/npx or Docker and start a localhost server. Prefer trusted local specs or trusted HTTPS URLs, review commands before global installs, and avoid feeding untrusted spec filenames or remote specs without checking them first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill claims 'Zero external API — uses only npx and your local spec file,' but the documented workflow explicitly supports remote spec URLs, npm/npx package resolution, global installs, and Docker image pulls. This misrepresents the trust boundary and can cause users to unknowingly fetch untrusted content or execute remote code paths during setup.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The documentation says validation occurs before startup, but the examples only print syntax/parse errors and do not reliably abort execution before later steps. That creates a fail-open workflow where malformed or unexpected specs may still be processed by subsequent Python and Prism commands, undermining the promised safety check.

Vague Triggers

Medium
Confidence: 81%
Finding
Broad trigger phrases like 'mock API', 'mock server', and 'fake backend' can match ordinary developer conversation and invoke the skill unintentionally. In an agent setting, accidental activation can cause package downloads, local server startup, file parsing, or remote spec fetching without the user's clear intent.

Vague Triggers

Medium
Confidence: 84%
Finding
The Trigger Phrases section contains ambiguous natural-language requests without scope constraints, increasing the chance the agent activates the skill during normal discussion rather than on an explicit request. Because the skill can initiate installs and start services, unintended invocation has meaningful side effects.

VirusTotal

64/64 vendors flagged this skill as clean.