Mixlab Fill Content

Security checks across malware telemetry and agentic risk

Overview

This skill does what it describes at a high level, but it fetches untrusted URLs and updates Mixdao records with under-scoped safeguards.

Install only if you are comfortable granting a local agent Mixdao write access and sending scraped article text to the configured AI provider. Before any update, review the temp/list output, pass only the exact intended IDs, clean stale temp files, and prefer scoped API keys. The publisher should add URL validation, skip the update when summarization fails, disclose the default AI endpoint, and validate every ID against the current run's list output before PATCHing.
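The safeguards listed above, as an added example that is not the skill's own code and not part of this page: a URL check that refuses non-http(s) schemes and loopback, link-local, private or reserved addresses (the typical SSRF targets when an agent fetches operator-supplied URLs), and a planning step that only PATCHes IDs that were both explicitly requested and present in the current run's list output, and drops any record whose summary came back empty. The record IDs, field names and the Mixdao API shape are assumptions; nothing here touches the network.

```python
# Added example (not the skill's own code): guard rails for an agent skill that
# lists records, fetches each record's article URL, summarizes it, and PATCHes the
# summary back. Record/field names and the Mixdao API shape are assumptions.
import ipaddress
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def is_safe_url(url: str) -> bool:
    """Accept only http(s) URLs to a public host.

    Rejects file:, javascript:, data: and similar schemes, plus loopback,
    link-local (e.g. cloud metadata at 169.254.169.254), private and reserved
    addresses. Hostnames are not resolved here; a real fetcher must resolve the
    name and re-check the resulting IP (assumption: the HTTP client does that).
    """
    try:
        parsed = urlparse(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parsed.scheme not in ALLOWED_SCHEMES or not parsed.hostname:
        return False
    host = parsed.hostname.lower()
    if host == "localhost" or host.endswith((".localhost", ".local")):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a DNS name, not an IP literal; see docstring
    return ip.is_global


def build_patches(listed, requested, summaries):
    """Decide which records may be PATCHed in this run.

    listed:    {record_id: article_url} produced by *this run's* list step
    requested: record IDs the operator explicitly passed
    summaries: {record_id: summary text or None} returned by the AI provider

    Returns (patches, skipped): patches is a list of (record_id, body) ready to
    send; skipped maps each dropped ID to the reason, so nothing fails silently.
    """
    patches, skipped = [], {}
    for rid in requested:
        if rid not in listed:  # stale temp file, typo, or ID from a previous run
            skipped[rid] = "not in current-run list"
            continue
        if not is_safe_url(listed[rid]):
            skipped[rid] = "unsafe url"
            continue
        summary = summaries.get(rid)
        if not summary or not summary.strip():  # never overwrite content with nothing
            skipped[rid] = "summarization failed"
            continue
        patches.append((rid, {"content": summary.strip()}))
    return patches, skipped


if __name__ == "__main__":
    # Constructed sample data standing in for the list step and the summarizer.
    listed = {
        "rec-1": "https://example.com/articles/1",
        "rec-2": "http://169.254.169.254/latest/meta-data/",
        "rec-3": "https://example.com/articles/3",
    }
    requested = ["rec-1", "rec-2", "rec-3", "rec-9"]
    summaries = {"rec-1": "First article, summarized.", "rec-3": None}
    patches, skipped = build_patches(listed, requested, summaries)
    for rid, body in patches:
        print(f"PATCH /records/{rid} {body}")  # the only IDs that may be written
    for rid, why in skipped.items():
        print(f"skip {rid}: {why}")
```

Two design points worth keeping even if the rest is adapted: the skipped map makes every refused update visible to the operator instead of silently narrowing the run, and the IP check is applied to the URL literal only; because a hostname can resolve to a private address (or change between checks, as in DNS rebinding), the same `is_global` test has to be repeated on the address the HTTP client actually connects to.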

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill explicitly instructs the agent to run shell commands and to read sensitive environment variables (`MIXDAO_API_KEY`, `ANTHROPIC_API_KEY`), but declares no permissions. This creates a capability/consent gap: an agent or platform may execute networked update operations and read secrets without any explicit scoping, which makes unintended data modification or secret exposure more likely.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The trigger set includes broad phrases such as “无正文” (“no body text”), “抓正文” (“fetch body text”), and “更新正文” (“update body text”), which can overlap with ordinary user requests and cause the skill to activate unexpectedly. Because this skill fetches remote content and can later write summarized content back to Mixdao, accidental invocation can lead to unintended external requests or content updates.

VirusTotal

66/66 vendors flagged this skill as clean. This is a malware scan of the package contents; a clean verdict does not address the undeclared permissions or the broad triggers reported above.

View on VirusTotal