Cms Find Skills

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to find and install skills, but it silently reuses an environment AppKey and downloads installable code with TLS certificate checks disabled.

Install only if you trust the publisher and the aishuo.co registry, and only in a workspace where this AppKey reuse is intended. Before use, require TLS verification, avoid passing secrets through model-visible command arguments, confirm any --force update, and prefer signed or checksummed skill packages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 86%
Finding:
Detailed output explicitly reveals whether a skill is marked internal-visible, which can leak catalog classification information to any caller of the script. In the context of a discovery/install tool meant for public or general catalog queries, exposing internal/public status can aid enumeration of non-public assets and reveal organizational inventory boundaries.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The description explicitly instructs the agent to silently read the current environment's AppKey and use it for API calls without prompting or warning the user. Silent credential access and transmission is dangerous because it normalizes secret exfiltration behavior and could leak or misuse an authorization token outside the user's awareness.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The skill supports overwrite installation and force deletion/reinstallation of existing skill directories, but the documentation does not require a clear warning or confirmation before destructive changes. This can lead to unintended loss of local modifications, replacement of trusted code, or persistence of tampered content in the agent workspace.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The routing instructions require automatic, silent extraction of an AppKey from the environment and direct transmission to a remote API, with explicit guidance not to ask the user or perform additional authorization checks. This is a direct secret-handling anti-pattern that can enable unauthorized use of credentials and reduce the chance a user notices suspicious network activity.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding:
The script disables TLS certificate verification and suppresses the associated warning, allowing a man-in-the-middle attacker to intercept or modify responses from the skill registry API. Because this tool can query catalog data and return download URLs used for subsequent installation/update flows, tampered responses could redirect users to malicious packages or falsify trusted metadata.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The downloader disables TLS certificate verification and suppresses the related warning, which allows a machine-in-the-middle attacker to substitute an arbitrary ZIP during transport. In this skill context, the downloaded archive is then extracted into the local skills workspace, so tampered content could plant malicious skill files that are later trusted or executed by the agent environment.

Ssd 1

Severity: High
Confidence: 99%
Finding:
The skill explicitly instructs the agent to reuse an environment AppKey and bypass normal user-facing authorization checks because the systems are 'the same platform.' That weakens trust boundaries between the agent runtime and external services, making credential misuse and unauthorized API access more likely, especially in a skill that also downloads and installs code.

VirusTotal

65/65 vendors flagged this skill as clean.