API Benchmark

Security checks across malware telemetry and agentic risk

Overview

This is a normal API benchmarking skill; the main caution is that it sends test prompts and API keys to whatever endpoints the user configures.

Install only if you intend to benchmark providers listed in your OpenCLAW config. Use environment-variable API keys, avoid sensitive custom prompts, expect API usage costs, and do not run against base URLs you do not trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill documentation declares compatibility and required config/env inputs, but it does not declare permissions despite clearly requiring network access and environment/config secret handling. This creates a trust gap: users may run a skill that sends prompts and uses API credentials without an explicit permission boundary or informed consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explains benchmarking mechanics but does not clearly warn that prompts and authentication material are sent to third-party API providers over the network. In this context, that omission matters because benchmarking often involves real provider endpoints and real credentials, which can expose sensitive prompts, metadata, and billing-linked API keys to external services.

External Transmission

Medium
Category
Data Exfiltration
Content
    partial = False

    try:
        with requests.post(f"{target.base_url}/v1/messages", headers=headers, json=payload, stream=True, timeout=timeout) as resp:
            if resp.status_code != 200:
                raise RuntimeError(f"HTTP {resp.status_code}: {resp.text[:400]}")
Confidence
79% confidence
Finding
requests.post(f"{target.base_url}/v1/messages", headers=headers, json=

External Transmission

Medium
Category
Data Exfiltration
Content
    partial = False

    try:
        with requests.post(f"{target.base_url}/chat/completions", headers=headers, json=payload, stream=True, timeout=timeout) as resp:
            if resp.status_code != 200:
                raise RuntimeError(f"HTTP {resp.status_code}: {resp.text[:400]}")
Confidence
79% confidence
Finding
requests.post(f"{target.base_url}/chat/completions", headers=headers, json=

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal