message-hub-socneo

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent Message Hub client, but it warrants review: it transmits message contents and the API key over whatever transport base_url selects, and it exposes an under-documented stats/config endpoint.

Install only if you trust the Message Hub server and can use a least-privileged API key. Prefer HTTPS for any non-local hub, avoid sending secrets in messages, confirm that broadcast and stats endpoints are server-authorized, and do not automatically execute tasks pulled from other agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill declares no permissions, yet its described functionality clearly requires network access and likely environment variable access for API credentials. This creates a transparency and governance gap: users or platforms may approve the skill without understanding that it can send data externally or read secrets from the environment.

Context-Inappropriate Capability

Severity: Medium
Confidence: 85%
Finding
The client exposes a `get_stats()` method and CLI command that retrieve service-wide store and config data, which goes beyond basic message send/pull behavior. In a collaboration client, this can enable unauthorized information disclosure about backend configuration and operational state if the server does not strictly enforce authorization for these endpoints.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The client sends message content and the API key over plaintext HTTP by default, because base_url falls back to http://localhost:8000 and nothing enforces HTTPS or otherwise checks the transport. That default is harmless on loopback, but if base_url is pointed at a non-local or proxied endpoint the same code path sends credentials and message contents in the clear, where they can be intercepted or modified in transit, compromising confidentiality and integrity.
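The transport check that the finding above (and the installation advice in the overview) calls for, as an added example; this is not the message-hub-socneo client's own code. It assumes a hypothetical client shape: a base_url that defaults to http://localhost:8000, an API key taken from an environment variable (here assumed to be MESSAGE_HUB_API_KEY), and a bearer-token Authorization header. Plaintext http is accepted only for loopback hosts, so the shipped default keeps working while a remote http URL is refused unless the caller opts in explicitly.

```python
"""Transport policy for a Message Hub style client (added example, not the
message-hub-socneo client's own code)."""
import ipaddress
import os
from urllib.parse import urlparse


class InsecureTransportError(ValueError):
    """Raised when base_url would put the API key on the wire in plaintext."""


def _is_loopback(host: str) -> bool:
    """True for 'localhost' and loopback IPv4/IPv6 literals; anything else is remote."""
    if host in ("localhost", "localhost."):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def validate_base_url(base_url: str, allow_plain_http: bool = False) -> str:
    """Return base_url without a trailing slash, or raise if it leaks credentials.

    The default http://localhost:8000 passes because the host is loopback.
    http://<remote host> is refused unless allow_plain_http=True is passed,
    which forces the insecure choice to be visible in the caller's code.
    """
    parts = urlparse(base_url)
    if parts.scheme not in ("http", "https"):
        raise InsecureTransportError(f"unsupported scheme: {parts.scheme!r}")
    if parts.hostname is None:
        raise InsecureTransportError("base_url has no host")
    if parts.scheme == "http" and not _is_loopback(parts.hostname) and not allow_plain_http:
        raise InsecureTransportError(
            f"refusing to send the API key over plaintext http to {parts.hostname}"
        )
    return base_url.rstrip("/")


class HubClient:
    """Minimal hypothetical client: only the request-building part is shown."""

    def __init__(self, base_url=None, api_key=None, allow_plain_http=False):
        # Assumed env var names; the real client may use different ones.
        url = base_url or os.environ.get("MESSAGE_HUB_URL", "http://localhost:8000")
        self.base_url = validate_base_url(url, allow_plain_http)
        key = api_key or os.environ.get("MESSAGE_HUB_API_KEY")
        if not key:
            raise RuntimeError("no API key: set MESSAGE_HUB_API_KEY or pass api_key")
        self._api_key = key

    def build_request(self, path: str, body: dict) -> dict:
        """Describe the HTTP request without sending it (no network in this example)."""
        return {
            "method": "POST",
            "url": f"{self.base_url}/{path.lstrip('/')}",
            "headers": {"Authorization": f"Bearer {self._api_key}"},
            "json": body,
        }

    def __repr__(self) -> str:
        # Never echo the key into logs or tracebacks.
        return f"HubClient(base_url={self.base_url!r}, api_key=<redacted>)"


if __name__ == "__main__":
    ok = HubClient(base_url="https://hub.example.test", api_key="demo-key")
    print(ok, ok.build_request("/messages", {"text": "hello"})["url"])
    try:
        HubClient(base_url="http://hub.example.test", api_key="demo-key")
    except InsecureTransportError as exc:
        print("rejected:", exc)
```

The check is deliberately on the client side: the finding is that the client will happily send the key anywhere, and a server cannot protect a credential that has already been transmitted in the clear. If a plaintext remote hub is genuinely required (for example behind a TLS-terminating proxy on a trusted network), the opt-in flag records that decision where a reviewer can see it.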

VirusTotal

64 of 64 vendors reported this skill as clean.
