Back to skill

Security audit

Mbti Master

Security checks across malware telemetry and agentic risk

Overview

The MBTI quiz features are mostly local and coherent, but the package also ships exposed publishing credentials, risky install guidance, and broad GitHub/ClawHub publishing tools that do not fit a personality-test skill.

Review this package carefully before installing. Do not run the curl-to-bash installer, treat the exposed ClawHub token as compromised, avoid the publishing scripts unless you intentionally want to publish the whole directory with your own authenticated accounts, and be aware the quiz saves results locally in your home directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation claims the tool runs entirely locally, yet the install instructions fetch code and archives from remote URLs. This is a real security concern because it misleads users about the trust boundary and can cause them to execute unreviewed remote content during installation.

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The script performs GitHub repository creation, pushing code, tagging releases, and publishing a release package, which is outside the stated MBTI personality-analysis functionality of the skill. In an agent-skill context, bundling distribution automation introduces an unnecessary capability to modify external code hosting state and exfiltrate local repository contents to a remote destination if invoked in the wrong context.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The script checks GitHub authentication state and manages remotes and repository creation, giving it the ability to act with the user's authenticated GitHub identity. Because the skill's purpose is MBTI analysis, these capabilities are unjustified and significantly increase risk: if triggered, the script can create repositories, push local contents, and alter remote state using existing credentials.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document instructs users to initialize a repository, add all files, and publish it publicly to GitHub without warning them to review the contents for secrets, tokens, API keys, test data, or local configuration files. In a publishing guide, `git add .` plus `--public --push` materially increases the chance of accidental credential or sensitive data exposure.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The guide tells users to run GitHub authentication and later execute project shell scripts, but it does not warn about token scope, credential handling, or the risk of running downloaded/local scripts without inspection. This can lead users to authorize broad access or execute unreviewed code from the repository context.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Piping a remote script directly into bash executes uninspected code immediately, giving the remote host full control over what runs on the user's system. If the server, DNS, TLS trust chain, or hosting account is compromised, arbitrary code execution can occur without any review step.

Missing User Warnings

High
Confidence
99% confidence
Finding
The file contains what appears to be a live ClawHub API token embedded directly in documentation and publish instructions. Exposed credentials can be copied by anyone with repository access and used to authenticate to the service, potentially allowing unauthorized publishing, account access, or other actions permitted to that token.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The script persistently stores a user's MBTI result in $HOME/.mbti-results/test_history.csv without clearly warning the user before collecting responses or obtaining consent. While this is not code-execution dangerous, it creates a privacy issue because personality-test outputs can be considered sensitive profiling data and may be readable later by the user, backup systems, or other local processes depending on environment and permissions.

External Script Fetching

High
Category
Supply Chain
Content
```bash
# 下载并安装
curl -fsSL https://your-domain.com/mbti-master/install.sh | bash
```

### 方法2:手动安装
Confidence
99% confidence
Finding
curl -fsSL https://your-domain.com/mbti-master/install.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# 下载并安装
curl -fsSL https://your-domain.com/mbti-master/install.sh | bash
```

### 方法2:手动安装
Confidence
98% confidence
Finding
| bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
INSTALL.md:75