ClawHub

Interactive LeetCode practice

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed LeetCode practice integration that asks before installing a pinned MCP server and before saving LeetCode session cookies locally.

Install only if you trust the referenced npm/GitHub MCP server. Keep the package version pinned, review changelogs before updating, authenticate only when needed, and delete ~/.leetcode-mcp/credentials.json or remove the MCP config when you stop using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Credential Access

High
Category
Privilege Escalation
Content
clawdbot:
    requires:
      bins: [npx]
      config: [~/.leetcode-mcp/credentials.json]
    credentials:
      stores: ~/.leetcode-mcp/credentials.json
      contents: csrftoken, LEETCODE_SESSION, createdAt timestamp
Confidence
81% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
bins: [npx]
      config: [~/.leetcode-mcp/credentials.json]
    credentials:
      stores: ~/.leetcode-mcp/credentials.json
      contents: csrftoken, LEETCODE_SESSION, createdAt timestamp
      permissions: "0600"
---
Confidence
88% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
## Auth Flow

1. Before auth-sensitive actions → call `check_auth_status`
2. If not authenticated or expired → **ask the user if they want to authenticate.** Explain that this will store LeetCode session cookies locally at `~/.leetcode-mcp/credentials.json` (owner-read/write only). Do not proceed without consent.
3. After consent → invoke `leetcode_authentication_guide` prompt
4. Call `start_leetcode_auth` → the prompt will guide the user through providing credentials → call `save_leetcode_credentials` with the values the user provides
5. On success → retry original action
Confidence
84% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
**Always delegate auth guidance to the `leetcode_authentication_guide` prompt.** Do not improvise your own auth instructions — the prompt handles browser-specific guidance, error recovery, and troubleshooting.

**Credential storage:** The MCP server stores credentials locally at `~/.leetcode-mcp/credentials.json` with file permissions `0o600` (owner-read/write only). Only `csrftoken`, `LEETCODE_SESSION`, and a `createdAt` timestamp are stored. Credentials are never transmitted to any third party — they are used exclusively for direct LeetCode API calls. Typical credential lifetime is 7-14 days.

## Submission Language Map
Confidence
80% confidence
Finding
credentials.json

Session Persistence

Medium
Category
Rogue Agent
Content
## Auth Flow

1. Before auth-sensitive actions → call `check_auth_status`
2. If not authenticated or expired → **ask the user if they want to authenticate.** Explain that this will store LeetCode session cookies locally at `~/.leetcode-mcp/credentials.json` (owner-read/write only). Do not proceed without consent.
3. After consent → invoke `leetcode_authentication_guide` prompt
4. Call `start_leetcode_auth` → the prompt will guide the user through providing credentials → call `save_leetcode_credentials` with the values the user provides
5. On success → retry original action
Confidence
78% confidence
Finding
write only). Do not proceed without consent. 3. After consent → invoke `leetcode_authentication_guide` prompt 4. Call `start_leetcode_auth` → the prompt will guide the user through providing credentia

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal