ClawHub

Grocy Inventory

Security checks across malware telemetry and agentic risk

Overview

The skill fits its Grocy inventory purpose, but it exposes a concrete API key and includes commands that can change inventory records.

Review before installing. Replace the embedded API key with your own securely supplied Grocy key, rotate the exposed key if it was ever valid, and only allow write commands after confirming the exact barcode, amount, location, and battery being changed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill file embeds a live Grocy API key directly in documentation, exposing a reusable secret to anyone who can read the skill. Even though the service is described as localhost, the key grants authenticated access to inventory-management actions and could be abused by other local processes, plugins, or anyone who later gains access to the host or repository.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation not only discloses a concrete API key but normalizes direct use of that credential without any warning about secrecy or handling requirements. This increases the chance of credential leakage, copy-paste propagation into logs/shell history, and unauthorized access to the Grocy instance.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill documents state-changing operations such as consume, open, transfer, and battery charge without warning that they modify persistent user data. In an agent context, this raises the risk of accidental or unintended inventory changes because examples present destructive actions as routine commands with no confirmation or safety guardrails.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal