scut-review-monitor

Security checks across malware telemetry and agentic risk

Overview

The skill is a real SCUT portal monitor, but it handles login artifacts too broadly by uploading login QR codes to a third-party image host by default and storing session data locally.

Install only if you are comfortable with the skill handling your university portal session. Before login, set image_upload.enabled to false unless you explicitly want the login QR code sent to the configured image host, protect or delete cookies.json and login_qrcode files after use, and use only notification endpoints you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code exports login QR codes and uploads them to a third-party image hosting service, which materially expands the trust boundary beyond the monitored portal. A login QR code is a sensitive authentication artifact; exposing it to an external host can enable account takeover or unauthorized session establishment by anyone who obtains the image URL or by the hosting provider itself.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The tool presents itself as a portal text monitor, but it also captures and shares login QR codes, which is a materially different and far more sensitive capability. This mismatch reduces user awareness and informed consent, making accidental credential exposure more likely in a security-sensitive login flow.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly states that login QR codes are saved locally and may be uploaded to a configured image-hosting API during login, but it does not present this as a clear user-facing warning or consent point. Because QR login artifacts can enable session takeover or expose account-linked login metadata if accessed by others or sent to third parties, the omission creates a meaningful privacy and account-security risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code writes both the QR image and the raw data URL to disk without any explicit warning, minimization, or protection controls. Those files may function as reusable or time-sensitive authentication artifacts, so local disclosure via backups, shared directories, or other users on the system could expose login capability or sensitive portal access.

Missing User Warnings

High
Confidence
99% confidence
Finding
Uploading a login QR code to an external image hosting API transmits a sensitive authentication token outside the local environment with no explicit user-facing warning. Because the skill's stated purpose is portal monitoring, this hidden external sharing is especially dangerous: it can let third parties scan or retrieve the QR code and hijack the login flow.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
lxml
playwright
Confidence
98% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
lxml
playwright
Confidence
98% confidence
Finding
lxml

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
lxml
playwright
Confidence
95% confidence
Finding
playwright

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
99% confidence
Finding
requests

Known Vulnerable Dependency: lxml — 10 advisory(ies): CVE-2021-43818 (lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through); CVE-2014-3146 (lxml Cross-site Scripting Via Control Characters); CVE-2021-28957 (lxml vulnerable to Cross-Site Scripting ) +7 more

High
Category
Supply Chain
Confidence
99% confidence
Finding
lxml

VirusTotal

66/66 vendors flagged this skill as clean.
