cms-push-skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but its publishing scripts disable HTTPS certificate checks while using access tokens for remote publishing actions.

Install only if you trust the internal platform workflow and are comfortable reviewing the scripts first. Before use, verify the skill package contains no secrets, understand that publish/update/delete affect remote platform state, and avoid sending access tokens through these scripts until TLS verification is restored or explicitly constrained to a trusted development environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation describes register, update, publish, and delete operations against a platform, but does not include clear warnings that these actions modify remote platform state and may be irreversible or user-visible. In an agent setting, that omission is dangerous because it normalizes high-impact state-changing operations without requiring confirmation, increasing the chance of accidental publication, overwrite, or takedown of a skill.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documents syncing content to GitHub and ClawHub but does not warn that local skill contents, metadata, and possibly embedded secrets or proprietary code may be transmitted to third-party or external services. In this context, the omission is particularly risky because the skill is explicitly designed to package and push artifacts, so users may unintentionally exfiltrate internal assets outside the internal platform.

Missing User Warnings

Medium
Confidence: 92%
Finding
The code globally suppresses urllib3 InsecureRequestWarning, explicitly tied to the use of `verify=False` elsewhere in the skill. This removes an important signal that HTTPS certificate validation is being bypassed, increasing the chance that developers or operators will unknowingly accept man-in-the-middle exposure when communicating with the CMS API.

Missing User Warnings

Medium
Confidence: 99%
Finding
The request explicitly disables TLS certificate verification with `verify=False` while sending an authenticated registration request that uses a bearer token. This enables man-in-the-middle interception or modification of the request/response, potentially exposing the token and allowing an attacker to tamper with Skill registration data; the risk is elevated because this script is specifically used to publish/update platform content.

Missing User Warnings

Medium
Confidence: 99%
Finding
The HTTP request explicitly sets `verify=False`, disabling TLS certificate validation. This allows man-in-the-middle interception or modification of authenticated API traffic, including the access token and skill metadata/update payloads, which is especially dangerous because this script pushes changes to a remote platform using privileged credentials.

Unsafe Defaults

Medium
Category: Tool Misuse
Content
            API_URL,
            json=payload,
            headers=headers,
            verify=False,
            allow_redirects=True,
            timeout=60,
        )
Confidence: 99%
Finding
The request is sent with `verify=False`, which disables TLS certificate verification for the authenticated call to the CMS API.

VirusTotal

67/67 vendors flagged this skill as clean.