Cms Auth Skills

Security checks across malware telemetry and agentic risk

Overview

This CMS auth helper mostly does what it says, but it handles reusable credentials with broad activation, plaintext caching, disabled TLS verification, and an automatic version check.

Install only if you trust this publisher and can use scoped, revocable credentials. Be aware that the skill may read auth-related environment variables, contact mediportal.com.cn services, cache appKey/token values locally, and make HTTPS requests without certificate verification; use it in a contained workspace rather than with broad production credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger scope is overly broad: it says any business API needing an auth header must invoke this skill first, without clearly limiting which services, domains, tenants, or trust boundaries are in scope. In practice, that can cause the agent to over-apply this skill, unnecessarily expose credentials, or route unrelated requests through a token-resolution path that reads secrets and performs networked auth exchanges.

Missing User Warnings

Medium
Confidence: 94%
Finding
The code persists authentication material in a local JSON cache keyed by sender_id, and the skill description indicates it handles appKey and access-token values. Storing such secrets unencrypted on disk increases exposure through local file access, backups, shared workspaces, or accidental disclosure, and there is no visible consent, TTL enforcement, or file-permission hardening in this file.

Missing User Warnings

Medium
Confidence: 99%
Finding
Outbound authentication requests are made with TLS certificate verification disabled (`verify=False`), which allows man-in-the-middle interception or tampering of appKey and access-token exchanges. In an authentication helper, this is especially dangerous because the code handles live credentials and tokens, so network attackers could steal or replace authentication material.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.