ClawHub

meegle-api

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Meegle API skill pack, but it gives an agent broad authority to read and change project data and stores long-lived credentials without enough safety guidance.

Install only if you want an agent to operate Meegle on your behalf. Use a least-privilege Meegle plugin, restrict the configured project/user scope where possible, protect ~/.openclaw/openclaw.json with local file permissions, and rotate the plugin secret if that file is exposed. Before destructive or broad actions, require the agent to show the target project, object IDs/names, and intended changes, then confirm explicitly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly instructs users to store long-lived sensitive values such as plugin_id, plugin_secret, project_key, user_key, and domain in a persistent global config file under ~/.openclaw/openclaw.json, and even discourages other configuration methods. This increases the chance of accidental disclosure through backups, shared home directories, local malware, screenshots, or source-control mistakes, while providing no warning about file permissions, secret rotation, or safer secret-storage alternatives.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill directs users to persist long-lived sensitive values such as plugin secrets in a shared configuration file for cross-session reuse, but it does not include any warning about secret sensitivity, file permissions, rotation, or secure storage alternatives. This increases the chance of credential disclosure through local compromise, backups, syncing, screenshots, or accidental sharing of the config file.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes an update_custom_field operation that can modify or delete field options via field_value actions add/modify/delete, but it provides no guidance to require explicit user confirmation before making potentially destructive schema changes. In an agent context, this increases the risk of accidental or prompt-induced configuration damage, especially because field settings affect many work items and may be difficult to recover cleanly.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill exposes a destructive delete_role API that can remove workflow role configuration but provides no explicit warning, safety guidance, or confirmation requirement in the skill definition. In an agent context, this increases the chance of accidental or overly broad deletion if a user request is ambiguous, especially because roles affect workflow behavior and may disrupt project configuration.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill exposes a destructive delete operation for workflow templates without any user-facing warning, confirmation guidance, or caution about irreversible configuration loss. In an agent setting, this increases the chance of accidental or socially engineered deletion of project workflow configuration, especially because the endpoint is framed as a normal available action rather than a high-risk one.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents a DELETE endpoint that removes views, including fixed, conditional, and panoramic views, but provides no instruction to obtain explicit user confirmation before invoking it. In an agent setting, this increases the risk of accidental or prompt-induced destructive actions, especially because view_id can be sourced from prior API results or URLs and the operation has immediate effect with no returned safeguard token or confirmation workflow.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents a DELETE-based unbind operation where both identifying fields are optional, and the notes explicitly state that omitting them may remove bindings by other rules. That creates a realistic risk of over-broad deletion if an agent or user invokes the API with missing or incomplete parameters, especially in automation flows handling cross-space links.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill exposes a DELETE endpoint for removing subtasks but does not include an explicit warning that the action is destructive and may be irreversible. In an agent context, this increases the risk that a model or user triggers deletion during automation, cleanup, or sync workflows without sufficient confirmation, causing unintended data loss.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The across-space search API defaults to querying all spaces the user can access when both `project_keys` and `simple_names` are omitted, but the skill presents this as a usage note rather than a clear warning. In an agent context, that can cause unintended over-broad data access and disclosure, especially if a user asks for a search without realizing the default spans multiple projects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This section documents state-changing and potentially destructive operations such as node completion, rollback, status transitions, and review updates without any cautionary guidance, confirmation requirements, or warnings about irreversible workflow impact. In an agent skill context, that omission increases the risk that an LLM-driven agent will execute business-critical mutations on work items based on ambiguous or incomplete user prompts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal