Security audit

MDAC Auto-Filler

Security checks across malware telemetry and agentic risk

Overview

This skill automates a government arrival-card submission and intentionally bypasses the site's CAPTCHA, so it should be reviewed carefully before use.

Install only if you accept the legal, privacy, and account-risk implications of automating a protected government immigration workflow. Prefer a version that fills fields only, requires the traveler to complete CAPTCHA manually, and asks for explicit confirmation before submission. Store passport data in a restricted local file, avoid command-line JSON for real personal details, and delete any generated screenshots containing sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The reference explicitly documents a CAPTCHA bypass by intercepting the verification request and forcing a successful server response, rather than solving the challenge legitimately. That enables automated evasion of an anti-abuse control on a government entry form, which is a clear security-relevant misuse capability and not a benign implementation detail.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill metadata says it handles slider CAPTCHA solving automatically, and this file goes further by documenting circumvention through client-side hooking and forged success responses. That expands the skill from normal form assistance into anti-bot evasion against a third-party service, materially increasing abuse potential.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The script explicitly advertises bypassing a slider CAPTCHA, and the implementation later confirms that it tampers with verification rather than performing a legitimate challenge flow. In the context of a government immigration form, this is dangerous because it is designed to defeat an access-control and anti-abuse mechanism protecting a sensitive public service.

Description-Behavior Mismatch

High
Confidence
100% confidence
Finding
The code monkey-patches $.ajax so requests to '/captcha' never reach the server and instead invoke the success callback with a forged positive result. This is a deliberate circumvention of server-side verification and enables automated submission of a government form containing sensitive identity data at scale.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly promotes automatic filling, CAPTCHA solving, and final submission of highly sensitive personal data without describing any user confirmation step before the irreversible submission occurs. In an agent-skill context, this increases the risk of unintended disclosure or premature submission of passport and travel data if the assistant acts on incomplete, stale, or mistaken user input.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description explicitly solicits highly sensitive personal and travel data, but provides no warning about privacy, consent, data handling, or the fact that the data will be transmitted to a government immigration website. This creates a real security and privacy risk because users may disclose passport, DOB, contact, and itinerary data without informed consent or understanding of exposure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation describes automatic CAPTCHA solving and submission as normal operation without clearly warning that it is circumventing an anti-bot control and submitting on the user's behalf. That is dangerous because it can mislead users into unauthorized automation, violate site terms, and normalize covert anti-abuse evasion.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
These lines provide concrete steps to bypass a CAPTCHA mechanism, including the endpoint to target, the payload shape, and the condition needed to mark verification as successful. In the context of an arrival-card submission skill, this facilitates unauthorized automation of a protected workflow and can support large-scale fraudulent or abusive submissions.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script automatically submits passport, identity, contact, and travel details to a government website without any explicit confirmation prompt, privacy notice, or warning about external transmission. In this skill context, the data is highly sensitive, so silent submission increases the risk of unintended disclosure, accidental filing, or misuse by an operator or wrapper agent.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
The documentation instructs users that the tool bypasses CAPTCHA protections, and the code implements that behavior. Because this is an immigration-arrival workflow for a government site, the skill context makes the issue more serious: it is not merely policy-problematic language, but an operational guide for evading an anti-automation control on a sensitive service.

Ssd 4

High
Confidence
99% confidence
Finding
This section gives concrete, step-by-step instructions to defeat the site's slider CAPTCHA, including intercepting verification flows, reading internal coordinates, calculating the required movement, and simulating human-like drag behavior to avoid detection. In context, this is not benign documentation; it is actionable anti-bot bypass guidance that can be reused to automate protected workflows and abuse the target service.

VirusTotal

67/67 vendors flagged this skill as clean.
