Klaus Processos Br

Security checks across malware telemetry and agentic risk

Overview

This skill coherently queries public Brazilian court data, with disclosed monitoring and manageable privacy/API-key caveats.

Install if you are comfortable sending Brazilian court lookup queries to CNJ's public DataJud API. Avoid using --dry-run with a private DATAJUD_API_KEY, and protect or delete state/monitor.json if the list of cases you monitor could reveal sensitive legal interests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation indicates capabilities to read environment variables, perform network access, and persist data locally, but it declares no permissions. This creates a transparency and consent problem: an agent or user may invoke the skill without understanding that it can access configured secrets, contact external services, and write monitoring data to disk. In this context, the embedded DataJud API key in the documentation further raises concern because undeclared env/network capabilities can facilitate unintended credential use or data exfiltration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The declared description says the skill consults Brazilian judicial cases via the public DataJud API, but the documented behavior is materially broader: searching by multiple filters, inferring tribunal, and especially persistent monitoring with local JSON storage and change tracking. This mismatch can mislead users and policy systems about the true operational scope, increasing the risk of unauthorized persistence, overcollection, or use in ways not anticipated from the description alone.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README explicitly publishes and normalizes use of an embedded DataJud API key, which is a credential-handling anti-pattern even if the API is described as public. Embedding a reusable key in distributed skill documentation encourages secret reuse, makes revocation difficult, and can lead to abuse, rate-limit exhaustion, or unauthorized use being attributed to the skill author or users.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The dry-run path prints client._headers() directly, and headers commonly contain API tokens or authorization material. Even though this is a local CLI, secrets can be exposed to terminal history, logs, screenshots, CI output, or shell redirection, increasing the chance of credential leakage.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The code creates and uses a persistent state file to store monitored judicial process information without any visible notice, consent flow, or retention controls. Because judicial case identifiers and movement snapshots may be sensitive in context, silent persistence increases privacy risk and can expose historical monitoring data to other local users, backups, or logs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Saving the full monitored process list to disk, including process numbers, tribunal, update timestamps, hashes, and recent movements, creates a privacy-sensitive local datastore. In the context of Brazilian judicial processes, this can reveal what cases a user is tracking and preserve potentially sensitive case activity without transparent disclosure or access controls.

VirusTotal

66/66 vendors flagged this skill as clean.
