Clawhub Github Publish BkCCGK

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

Before installing, make sure you are comfortable running the npm package, providing a Mistral API key, and sending selected project data or media to Mistral. In sensitive environments, pin the npm version, keep tool approvals on for delete/batch/workflow actions, and use a revocable key with usage monitoring. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

66/66 vendors reported no detections for this plugin. Note that this covers only the submitted artifact, not the mistral-mcp package that npx fetches from the registry at run time.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Severity: Low
What this means

Enabling the plugin runs code fetched from npm at start-up. Because the version is a caret range (^0.6.0 resolves to any 0.6.x release), every future release inside that range will run without further review.

Why it was flagged

The plugin can auto-run the MCP server package from npm with confirmation suppressed and a version range. This is disclosed and central to the integration, but it creates a normal npm supply-chain trust dependency.

Skill content
"command": "npx", "args": ["-y", "mistral-mcp@^0.6.0"]
Recommendation

Install only from a trusted source, and consider pinning an exact package version before using it in sensitive workspaces.
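The caret range in the install spec above is the detail to check before enabling the plugin. The following is an added example, not ClawScan's or the Mistral MCP project's own code: it audits an install spec of that shape, reporting whether the package version is exact or a range and whether -y suppresses the install prompt, and it rewrites the spec with a pinned version. The sample spec is constructed from the finding; the exact version 0.6.0 used for pinning is an assumption for illustration.

```python
"""Audit an MCP install spec that launches an npm package through npx.

Added example; not ClawScan's or mistral-mcp's own code. The install spec
shape ({"command": ..., "args": [...]}) follows the finding above. The pinned
version 0.6.0 used below is an assumption for illustration.
"""
import re

# An exact semver version: MAJOR.MINOR.PATCH with optional pre-release/build.
# Anything else (^, ~, >=, x, *, a dist-tag, or no version) is a moving target.
EXACT_VERSION = re.compile(
    r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$"
)
CONFIRM_SUPPRESSED = {"-y", "--yes"}


def split_npm_spec(spec):
    """Split 'name@version' (or '@scope/name@version') into (name, version).

    A spec without '@version' makes npx resolve the 'latest' dist-tag at run
    time, so the version is returned as None.
    """
    cut = spec.rfind("@")
    if cut <= 0:  # no '@' at all, or only the leading '@' of a scoped name
        return spec, None
    return spec[:cut], spec[cut + 1:]


def audit_npx_spec(install):
    """Return (severity, message) findings for one {"command", "args"} spec."""
    findings = []
    if install.get("command") != "npx":
        return findings
    args = list(install.get("args", []))
    flags = {a for a in args if a.startswith("-")}
    positionals = [a for a in args if not a.startswith("-")]

    if flags & CONFIRM_SUPPRESSED:
        findings.append(("medium", "install confirmation suppressed (-y/--yes); "
                                   "npx downloads and runs the package without prompting"))
    if positionals:  # the first positional argument is the package npx runs
        name, version = split_npm_spec(positionals[0])
        if version is None or version == "latest":
            findings.append(("high", f"{name}: no version pinned, 'latest' is "
                                     "resolved at every start"))
        elif not EXACT_VERSION.match(version):
            findings.append(("high", f"{name}@{version}: semver range; any future "
                                     "release inside the range runs unreviewed"))
    return findings


def pin_npx_spec(install, exact_version):
    """Return a copy of the spec with the package pinned to exact_version."""
    if not EXACT_VERSION.match(exact_version):
        raise ValueError(f"not an exact version: {exact_version}")
    new_args, pinned = [], False
    for arg in install.get("args", []):
        if not pinned and not arg.startswith("-"):
            name, _ = split_npm_spec(arg)
            arg, pinned = f"{name}@{exact_version}", True
        new_args.append(arg)
    return {**install, "args": new_args}


# Constructed sample: the caret-range spec quoted in the finding.
SKILL_SPEC = {"command": "npx", "args": ["-y", "mistral-mcp@^0.6.0"]}

if __name__ == "__main__":
    for sev, msg in audit_npx_spec(SKILL_SPEC):
        print(f"[{sev}] {msg}")
    print("pinned:", pin_npx_spec(SKILL_SPEC, "0.6.0"))
```

Pinning removes the silent upgrade path but still trusts whatever the registry serves for that version; in sensitive workspaces, pre-install the package from a lockfile with integrity hashes and point `command` at the local binary instead of letting npx fetch it at start-up.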

ASI03: Identity and Privilege Abuse
Severity: Medium
What this means

The agent can use the configured Mistral account for API calls, which may expose submitted content to Mistral and incur costs.

Why it was flagged

The OpenClaw skill requires a Mistral API key. That is expected for a Mistral integration, but it grants access to the user's Mistral account and usage billing.

Skill content
    requires:
      env:
        - MISTRAL_API_KEY
...
    primaryEnv: MISTRAL_API_KEY
Recommendation

Keep the key in your normal secret storage or an environment variable, never paste it into chat, monitor its usage, and revoke it if anything looks wrong.

ASI02: Tool Misuse and Exploitation
Severity: Medium
What this means

If invoked, the agent could delete Mistral-hosted files, cancel jobs, or start/interact with workflows tied to the user's account.

Why it was flagged

The tool surface includes provider-side deletion, batch cancellation, and workflow execution/interactions. These are disclosed and aligned with the Mistral MCP purpose, but they can mutate state in the user's Mistral account.

Skill content
- `files_delete`
- `batch_cancel`
...
- `workflow_execute`
- `workflow_status`
- `workflow_interact` — polymorphic: `signal` or `query` against a running execution
Recommendation

Keep tool approval enabled for destructive or costly actions, verify target file/job/workflow identifiers, and use the narrower profile unless the full surface is needed.
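One way to enforce the three recommendations above on the harness side, as an added example that is not OpenClaw's or mistral-mcp's code: the gate restricts calls to a profile, holds every mutating or billable tool for human approval, and refuses a delete/cancel/interact whose target identifier was never shown to the user in this session. The tool names are the ones quoted in the finding; the argument keys (`file_id`, `job_id`, `execution_id`), the profile names, the list-tool names other than `workflow_status`, and the observed-identifier ledger are assumptions of this example.

```python
"""Harness-side approval gate for the Mistral MCP tools named in this finding.

Added example; not OpenClaw's or mistral-mcp's code. Tool names come from the
finding. The argument keys (file_id, job_id, execution_id), the profile names,
the read-only tool names other than workflow_status, and the idea of an
'observed identifier' ledger are assumptions of this example.
"""
from dataclasses import dataclass, field

# Mutating or billable tools: every call is held for a human decision. The value
# is the argument that names the target, or None when the call creates new work.
DESTRUCTIVE = {
    "files_delete": "file_id",
    "batch_cancel": "job_id",
    "workflow_execute": None,
    "workflow_interact": "execution_id",
}
# Read-only tools that may run without a prompt. Only workflow_status is
# quoted in the finding; the two list tools are assumed names.
READ_ONLY = {"workflow_status", "files_list", "batch_list"}
PROFILES = {
    "review-only": READ_ONLY,              # the narrower profile
    "full": READ_ONLY | set(DESTRUCTIVE),  # the full tool surface
}


@dataclass
class Decision:
    action: str  # "allow", "require_approval" or "deny"
    reason: str


@dataclass
class ToolGate:
    profile: str = "review-only"
    observed_ids: set = field(default_factory=set)

    def record_observation(self, ids):
        """Remember identifiers the user has actually seen in list/status
        results, so later mutating calls can be checked against them."""
        self.observed_ids.update(ids)

    def decide(self, tool, args):
        """Classify one tool call before it is forwarded to the MCP server."""
        if tool not in PROFILES[self.profile]:
            return Decision("deny", f"{tool} is outside the '{self.profile}' profile")
        if tool not in DESTRUCTIVE:
            return Decision("allow", f"{tool} is read-only")
        id_key = DESTRUCTIVE[tool]
        if id_key is None:
            return Decision("require_approval", f"{tool} starts billable work")
        target = args.get(id_key)
        if not target:
            return Decision("deny", f"{tool} called without {id_key}")
        if target not in self.observed_ids:
            # An identifier the user never saw (hallucinated, or smuggled in by
            # injected content) is refused outright rather than merely prompted.
            return Decision("deny", f"{id_key}={target} was never shown to the user")
        return Decision("require_approval", f"{tool} on {target} mutates account state")


if __name__ == "__main__":
    gate = ToolGate(profile="full")
    gate.record_observation(["file-abc"])        # constructed id from a listing
    print(gate.decide("files_delete", {"file_id": "file-abc"}))
    print(gate.decide("files_delete", {"file_id": "file-xyz"}))
```

Refusing unknown identifiers, rather than only prompting, matters on a skill that already carries prompt-injection indicators: a target smuggled in by injected text is exactly one the user has not seen, and an approval prompt for it is easy to wave through.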

ASI07: Insecure Inter-Agent Communication
Severity: Medium
What this means

Private or proprietary code changes could be transmitted to Mistral during code review workflows.

Why it was flagged

When this skill is invoked, local code diffs may be read and sent through the Mistral MCP server for model review. This is disclosed and purpose-aligned, but source code can be sensitive.

Skill content
Auto-fetches the diff via git diff if no argument is provided... Call the MCP prompt `codestral_review`... Pass the resulting messages to `mistral_chat`
Recommendation

Use these skills only for code you are allowed to share with Mistral, or provide a redacted/manual diff instead of relying on auto-fetch.
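The "redacted/manual diff" the recommendation suggests can be produced mechanically before anything reaches the `codestral_review` prompt. The following is an added example, not the skill's or the Mistral MCP server's code: it drops whole files on a sensitive-path list, masks lines that look like credential assignments or bearer-style tokens, and reports what it removed so the user can decide whether the remainder is safe to send. The path globs, the regexes and the sample diff are this example's assumptions, and the sample diff is constructed.

```python
"""Redact a git diff before handing it to a hosted reviewer.

Added example; not the skill's or mistral-mcp's code. It produces the
'redacted/manual diff' the recommendation suggests in place of the auto-fetched
`git diff`: files on a sensitive-path list are dropped whole, and lines that look
like credential assignments or bearer-style tokens are masked. The path globs,
the regexes and the sample diff are this example's assumptions.
"""
import fnmatch
import re
from pathlib import PurePosixPath

SENSITIVE_PATHS = [".env*", "*.pem", "*.key", "secrets/*"]

# KEY/TOKEN/SECRET/PASSWORD-style assignment with a quoted or bare value.
ASSIGNMENT = re.compile(
    r"(?i)\b(\w*(?:key|token|secret|password)\w*)(\s*[=:]\s*)"
    r"(?:(['\"])([^'\"]+)\3|([A-Za-z0-9_\-/+=]{8,}))"
)
# A bare token shaped like an 'sk-...' API key (heuristic).
BARE_TOKEN = re.compile(r"\bsk-[A-Za-z0-9_-]{16,}")
HEADER_PREFIXES = ("diff --git ", "index ", "--- ", "+++ ", "@@ ")


def is_sensitive_path(path):
    name = PurePosixPath(path).name
    return any(fnmatch.fnmatch(path, p) or fnmatch.fnmatch(name, p)
               for p in SENSITIVE_PATHS)


def _mask_assignment(m):
    quote = m.group(3) or ""
    return f"{m.group(1)}{m.group(2)}{quote}[REDACTED]{quote}"


def redact_line(line):
    """Mask secret-looking values in one diff line; headers pass through."""
    if line.startswith(HEADER_PREFIXES):
        return line
    line = ASSIGNMENT.sub(_mask_assignment, line)
    return BARE_TOKEN.sub("[REDACTED]", line)


def split_by_file(diff_text):
    """Group a unified diff into one list of lines per 'diff --git' block."""
    blocks, current = [], []
    for line in diff_text.splitlines():
        if line.startswith("diff --git ") and current:
            blocks.append(current)
            current = []
        current.append(line)
    if current:
        blocks.append(current)
    return blocks


def redact_diff(diff_text):
    """Return (redacted_diff, report) for a `git diff` style text."""
    kept, report = [], {"dropped_files": [], "redacted_lines": 0}
    for block in split_by_file(diff_text):
        m = re.match(r"diff --git a/(\S+) b/(\S+)", block[0])
        path = m.group(2) if m else block[0]
        if is_sensitive_path(path):
            report["dropped_files"].append(path)
            continue
        for line in block:
            cleaned = redact_line(line)
            if cleaned != line:
                report["redacted_lines"] += 1
            kept.append(cleaned)
    return "\n".join(kept) + "\n", report


# Constructed sample diff: a hard-coded key in app code plus a .env change.
SAMPLE_DIFF = """\
diff --git a/app/client.py b/app/client.py
index 1111111..2222222 100644
--- a/app/client.py
+++ b/app/client.py
@@ -1,4 +1,5 @@
 import os
-API_KEY = os.environ["MISTRAL_API_KEY"]
+API_KEY = "sk-constructedexamplekey0000"
+TIMEOUT = 30
 def review(diff):
diff --git a/.env b/.env
index 3333333..4444444 100644
--- a/.env
+++ b/.env
@@ -1 +1 @@
-MISTRAL_API_KEY=oldvalue1234
+MISTRAL_API_KEY=newvalue5678
"""

if __name__ == "__main__":
    redacted, report = redact_diff(SAMPLE_DIFF)
    print(redacted)
    print(report)
```

Pass the redacted text to the skill as its explicit diff argument so the auto-fetch path is never taken, and treat the report as a prompt to the user: if a whole file was dropped or several lines were masked, the change may be one that should not leave the machine at all.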