Cookie Alive Pro

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it manages live login cookies with weak safeguards and exposes them too easily.

Install only if you deliberately want Codex or local programs to manage live website login cookies. Treat the SQLite database and all command output as passwords, avoid shared machines and CI logs, use only trusted HTTPS refresh URLs, and do not expose the HTTP wrapper beyond localhost without adding authentication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly relies on shell execution, filesystem access, and network access to persist and refresh authenticated session cookies, but it does not declare permissions or warn about those capabilities. That mismatch can mislead users and calling systems about the trust boundary, especially because the skill stores reusable authentication material on disk and can transmit it to remote endpoints.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This example exposes session-cookie retrieval, refresh, and profile inspection over HTTP, which materially expands the attack surface for a component handling authentication secrets. Even if it binds to 127.0.0.1 by default, any local process—and potentially remote clients if launched with a broader host binding or reachable via SSRF/port forwarding—can obtain live cookies or trigger refreshes.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The description omits a clear warning that the skill persists live session cookies in SQLite under the user's home directory and serves them to other programs. Session cookies are bearer credentials, so compromise, accidental sharing, or misuse of the database can directly enable account hijacking or unauthorized access to the associated websites.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This documentation explicitly encourages exporting live authenticated cookies via stdout, JSON, subprocess output, and a local HTTP wrapper without any warning that these cookies are bearer credentials. In practice, this creates a real risk of credential theft through shell history, process inspection, logs, terminal capture, or unintended reuse by downstream tools, especially because the skill's purpose is to persist and serve active session cookies.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guidance tells users to copy live cookies from browser devtools, store them in SQLite, and pass them to other programs, but it omits any caution about credential sensitivity, account takeover risk, or privacy exposure. Because this skill is specifically designed to keep authenticated sessions alive across websites, the context makes mishandling especially dangerous: stolen cookies may grant immediate access to real user accounts without re-authentication.

Missing User Warnings

High
Confidence
96% confidence
Finding
The code explicitly permits both http and https in ensure_http_url(), and refresh_profile() later sends the persisted Cookie header to that URL. Because session cookies are authentication material, allowing plaintext HTTP can expose them to interception or modification by any on-path attacker, leading to account/session compromise. In this skill’s context, that risk is elevated because the entire purpose is to persist and reuse authenticated cookies.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
HTTP requests directly trigger backend subprocess execution without authentication, rate limiting, or an explicit consent boundary, letting any reachable client drive cookie-management operations. That creates a service-execution surface that may be abused for repeated refreshes, enumeration, or operational misuse even if the subprocess arguments are not shell-injected.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script prints the raw cookie output to stdout, which can expose active session tokens in terminal scrollback, logs, shell history wrappers, CI job output, or parent process capture. Because the skill is specifically designed to persist and serve authenticated cookies, disclosure of this value can directly enable session hijacking by anyone who can read that output.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script prints the retrieved cookie material directly to stdout before using it, which can expose live authentication tokens in terminal scrollback, logs, CI job output, shell history capture, or other monitoring systems. In this skill's context, the entire purpose is to persist and reuse authenticated session cookies, so disclosing them materially increases the risk of session hijacking and account compromise.

VirusTotal

64/64 vendors flagged this skill as clean.
