Meegle Mcp

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Meegle connector, but it can make real workspace changes and stores Meegle keys in shell startup files if setup is used.

Install only if you trust this skill to act in Meegle with the permissions of the keys you provide. Prefer a least-privilege or service account, avoid syncing shell profiles that contain secrets, rotate keys if exposed, and review prompts that create projects, move tasks, add members, or change permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README explicitly encourages natural-language actions that can create tasks, move workflow items, and add users to projects, but it does not warn that these are state-changing or permission-affecting operations that should be reviewed before execution. In an agent skill context, this omission can cause users to trigger unintended modifications through ambiguous prompts or over-trusting automation, increasing the risk of unauthorized or accidental changes in the Meegle workspace.

Missing User Warnings

Medium
Confidence: 83%
Finding
The skill advertises state-changing operations such as creating projects/tasks, updating workflows, adding members, and updating permissions, but it does not prominently warn that these actions can modify live project data and access control. In an agentic context, ambiguous user prompts or over-broad automation could lead to unintended project changes, unauthorized invitations, or permission drift.

Missing User Warnings

Medium
Confidence: 93%
Finding
This proxy blindly forwards all MCP requests received on stdin to a remote Meegle endpoint and authenticates by embedding both the MCP key and user key in the request URL. That creates two risks: sensitive user/tool data is transmitted off-host without an explicit trust boundary or consent mechanism, and credentials placed in URLs are more likely to be exposed through logs, process inspection, proxies, or error reporting than if sent in headers or a safer auth channel.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script persists the Meegle user key and MCP key by appending them in plaintext to the user's shell startup file. This creates long-lived credential exposure to any local process, user, backup system, dotfile sync, or accidental sharing of shell config files, and the script does not clearly warn users that the secrets will be stored persistently.

VirusTotal

65/65 vendors flagged this skill as clean.
