Client Reporting Automation

Security checks across malware telemetry and agentic risk

Overview

The skill’s reporting purpose is legitimate, but its delivery, credential, and network behaviors appear under-scoped enough that users should review it before installing.

Install only after reviewing the scripts and configuration model. Keep client configs and service account keys out of source control, restrict file permissions, validate report recipients and Slack webhooks before delivery, and avoid using this on shared infrastructure unless outbound domains and client names are tightly controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill describes capabilities that read/write local files, access environment/config secrets, and send network traffic, but it does not declare permissions or otherwise surface those capabilities to the user. That creates a transparency and consent problem: users may invoke the skill without understanding it can access sensitive client data and transmit it externally.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
When Search Console is not configured, the script makes a live HTTP request to whatever domain is stored in client configuration. Because that domain is untrusted input, this creates a server-side outbound request capability that can be abused for unintended probing of arbitrary hosts, including internal or sensitive network targets if an attacker can influence the config. In a reporting automation skill that may run on schedules or shared agency infrastructure, this behavior is more dangerous because it turns routine report generation into a network reachability check against attacker-chosen destinations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill is explicitly designed to email reports and post them to Slack, which can transmit client analytics, search, and social performance data outside the local workspace. Without a warning about outbound delivery, users may unintentionally disclose confidential client information to external recipients, misconfigured webhooks, or the wrong channel/email address.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup directs users to place API keys and service account credentials in config files, including a global config.json and per-client directories, without guidance on secure storage. This increases the chance of credential leakage through source control, backups, shared workspaces, or overly broad file permissions, potentially exposing analytics accounts, email services, and client data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to create and download a long-lived service account JSON key but does not warn that the file is a sensitive secret that must be protected, rotated, and kept out of source control. In a reporting automation skill that likely runs unattended and accesses client analytics data, mishandling this key could let an attacker query GA4 data across affected client properties.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The config example references a credentials file path without stating that it points to highly sensitive authentication material. This omission can normalize insecure storage patterns, especially in automation environments where config files may be shared, backed up, or committed, increasing the chance of credential exposure and unauthorized GA4 data access.

VirusTotal

66/66 vendors flagged this skill as clean.
