Sayba Skill Market

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Sayba marketplace connector, but it can publish, rate, and send skill inputs to Sayba under the user's API key without an in-tool confirmation step.

Install only if you trust Sayba and are comfortable giving this MCP server a Sayba API key. Configure your MCP client to require approval before publish_skill, rate_skill, and invoke_skill run, avoid sending secrets or proprietary material as skill input or review text, and prefer a limited-scope or revocable API key if Sayba supports one.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares capabilities that can access environment variables and make network requests, but it does not explicitly declare permissions or provide any trust boundary guidance. In a marketplace skill, this matters because the tool can handle API keys and send data off-box, increasing the risk of credential exposure, unintended outbound requests, or misuse by consumers who assume minimal privileges.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The documentation instructs users to provide an API key in environment configuration but gives no warning about secure storage, least-privilege use, or avoiding hardcoding/secrets leakage. This can lead users to place credentials in plaintext configs, commit them to source control, or expose them in shared environments, especially because the skill is intended for marketplace use and easy copy-paste setup.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The invoke_skill tool forwards arbitrary caller-supplied input to an external Sayba API endpoint, which can cause users or upstream agents to exfiltrate sensitive prompts, documents, or structured data to a third party without a strong transmission warning at execution time. In MCP contexts, tool calls may be triggered by an LLM on the user's behalf, so the lack of an explicit confirmation/disclosure materially increases the risk of unintended data sharing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The publish_skill tool uploads user-provided skill content, including prompt_template and optional input_schema, to a remote marketplace API without an explicit warning at the point of transmission. This can leak proprietary prompts, internal schemas, or sensitive business logic if a user or agent invokes publishing without fully realizing the data is being sent to and stored by an external service.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The rate_skill tool posts user-supplied rating and review text to a remote service without an explicit user-facing disclosure at send time. While lower impact than skill invocation or publishing, it still creates a privacy and consent issue because review text may contain personal or sensitive information that is transmitted externally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal