Buttondown

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill mostly does what it says, but its API-base override could send the Buttondown API token to an arbitrary host: the base URL is read from the environment, so anyone who can influence the environment the skill runs in can choose where the token is delivered.

Install only if you trust the publisher and control the runtime environment. Do not set BUTTONDOWN_API_BASE unless you are intentionally pointing the skill at a trusted Buttondown-compatible endpoint, and prefer a Buttondown key scoped to only the newsletter actions you need, so that a leaked token cannot do more than the skill itself needs to.

SkillSpector (2)

By NVIDIA

Tainted flow: 'req' from os.environ.get (line 144, credential/environment) → urllib.request.urlopen (network output)

Severity: Critical
Category: Data Flow
Content:
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as response:
            text = response.read().decode()
            if not text:
                return {}
Confidence: 91%
Finding: with urllib.request.urlopen(req, timeout=30) as response:
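The following example was added for this report and is not the Buttondown skill's own code. It reproduces the pattern behind the overview warning and the tainted-flow finding above (an API base taken from the environment decides which host receives the Authorization header) next to a hardened variant that attaches the token only to an allowlisted HTTPS host. The variable name BUTTONDOWN_API_BASE, the default host api.buttondown.com, and the helper names are assumptions taken from the report text, not from the skill's source; nothing is sent over the network.

```python
# Illustrative example added for this report; not the Buttondown skill's own code.
# Assumptions: the override variable BUTTONDOWN_API_BASE and the default host
# api.buttondown.com come from the report text, not from the skill's source.
import json
import os
import urllib.request
from urllib.parse import urlsplit

DEFAULT_API_BASE = "https://api.buttondown.com/v1"  # assumed default
ALLOWED_HOSTS = {"api.buttondown.com"}             # assumed; extend only for trusted mirrors


def _join(base, path):
    """Join a base URL and an API path without producing a double slash."""
    return base.rstrip("/") + "/" + path.lstrip("/")


def _prepare(url, token, method, body):
    """Build the urllib Request the same way the flagged snippet does, without sending it."""
    headers = {"Authorization": f"Token {token}", "Content-Type": "application/json"}
    data = None if body is None else json.dumps(body).encode()
    return urllib.request.Request(url, data=data, headers=headers, method=method)


def build_request(path, token, method="GET", body=None, env=None):
    """Vulnerable shape: whoever controls BUTTONDOWN_API_BASE chooses the host
    that receives the token. The Request is returned for inspection, not sent."""
    env = os.environ if env is None else env
    base = env.get("BUTTONDOWN_API_BASE", DEFAULT_API_BASE)
    return _prepare(_join(base, path), token, method, body)


def resolve_api_base(env=None):
    """Hardened: honour the override only for an HTTPS URL whose host is allowlisted.

    urlsplit().hostname is checked rather than a string prefix, so both
    'https://api.buttondown.com@attacker.example/' (userinfo trick) and
    'https://api.buttondown.com.attacker.example/' are rejected.
    """
    env = os.environ if env is None else env
    base = env.get("BUTTONDOWN_API_BASE", DEFAULT_API_BASE)
    parts = urlsplit(base)
    if parts.scheme != "https":
        raise ValueError(f"refusing non-HTTPS API base: {base!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError(f"refusing API base with embedded credentials: {base!r}")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"refusing API base on untrusted host: {parts.hostname!r}")
    return base


def build_request_pinned(path, token, method="GET", body=None, env=None):
    """Same request, but the token is attached only after the destination passed the checks."""
    base = resolve_api_base(env)
    return _prepare(_join(base, path), token, method, body)


def request_destination(req):
    """Host that would receive the request's Authorization header."""
    return urlsplit(req.full_url).hostname


def token_destinations(env):
    """Where the token would go under each variant for a given environment:
    (host under the vulnerable builder, host under the pinned builder or None if refused)."""
    vulnerable = request_destination(build_request("emails", "t", env=env))
    try:
        pinned = request_destination(build_request_pinned("emails", "t", env=env))
    except ValueError:
        pinned = None
    return vulnerable, pinned


if __name__ == "__main__":
    # Constructed environments for the demonstration; nothing is sent anywhere.
    for env in ({},
                {"BUTTONDOWN_API_BASE": "https://attacker.example/v1"},
                {"BUTTONDOWN_API_BASE": "https://api.buttondown.com@attacker.example/v1"}):
        print(env.get("BUTTONDOWN_API_BASE", "<unset>"), "->", token_destinations(env))
```

The check deliberately parses the URL with urlsplit instead of testing that the string starts with the expected base, because a startswith check is what the userinfo and subdomain variants above are designed to slip past. If you genuinely need a self-hosted or proxied endpoint, add its hostname to the allowlist in the skill's configuration rather than relaxing the scheme or host checks.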

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 82%
Finding: The skill clearly uses sensitive capabilities (it reads environment variables for an API key, reads local files for newsletter bodies, and makes outbound network requests to the Buttondown API), yet it declares no explicit permissions. That mismatch prevents a host from enforcing policy on those capabilities or obtaining informed consent for them, increasing the chance the skill runs with broader access than users realize.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.