TapAuth

Security checks across malware telemetry and agentic risk

Overview

TapAuth is a coherent OAuth token broker for agents, but it should only be used when you trust TapAuth and intentionally approve the requested account scopes.

Before installing, treat this as granting an agent access to your connected accounts. Approve only scopes needed for the task, avoid broad scopes like full repository, Slack history, Vercel environment variables, or full API access unless necessary, and revoke grants when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The README encourages obtaining OAuth tokens from users and highlights convenience, but it does not prominently warn that granted scopes may expose highly sensitive data and actions across third-party accounts. In an agent context, this omission is material because operators may authorize broad scopes without understanding that the agent can then read, modify, or exfiltrate account data within those scopes.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding
The instructions direct modification of `~/.openclaw/openclaw.json`, which is a persistent local configuration affecting future sessions and secret resolution behavior. Without an explicit warning or consent checkpoint, an agent following this guidance could silently install a long-lived secret provider that executes commands at startup.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The documentation states that an Asana token grants access to all workspaces the user belongs to, but it does not pair that statement with an explicit privacy or least-privilege warning. In an OAuth token provider skill, this omission can cause operators or downstream agents to underestimate the breadth of accessible data and unintentionally expose or process data from unrelated workspaces.

Missing User Warnings

Severity: Medium
Confidence: 77%
Finding
The documentation shows authenticated GitHub API usage with a bearer token and includes a write-action example, but it does not place an explicit warning adjacent to the examples that the token acts as the user and must be protected. In a token-provider skill, this omission increases the chance of unsafe copy/paste usage, over-scoping, or unintended destructive actions with user-authorized credentials.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The documentation explicitly promotes use of Slack user tokens that let agents act on behalf of a real user, but it does not warn about the privacy and authorization implications of that design. In this context, omission of consent and least-privilege guidance can lead operators to grant overly broad access to private messages, files, workspace metadata, and user identity data without understanding the risk.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The scope list includes identity, message, file, channel, and search-related permissions, but the documentation does not explain what categories of personal or workspace data these scopes expose. Because this skill is an OAuth token provider for agents, unclear scope descriptions materially increase the chance of over-privileged deployments and unintended access to sensitive Slack content.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The documentation explicitly states that Vercel tokens are granted at the integration level with broad permissions and then demonstrates access to sensitive resources such as environment variables. In an agent skill context, this is risky because environment variables commonly contain secrets, and the docs do not prominently warn users about the sensitivity or recommend least-privilege handling.

VirusTotal

66/66 vendors flagged this skill as clean.
