ClawHub
Back to skill

Security audit

Brickset

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Brickset helper, but its raw API mode can invoke account and collection-management operations without clear scoping or warnings.

Install only if you intend to let the agent use your Brickset API key. Prefer the wrapped lookup commands, and review any raw call involving login, userHash, getCollection, or collection-management because those can expose or change account-linked collection data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares capabilities that include environment access, file reads, and network use, but does not explicitly declare permissions or constraints. This weakens transparency and reviewability, making it easier for a user or calling system to underestimate that the skill can read secrets such as API keys and transmit data to external services.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest frames the skill mainly as LEGO lookup and browsing, but the documented raw API mode enables broader account-linked operations such as login, checking user hashes, getting collections, and collection-management calls. That mismatch can mislead users about the sensitivity and side effects of the skill, increasing the chance that account data or state-changing actions are invoked without informed consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly documents raw API calls involving login, userHash, getCollection, and collection-management methods without a clear warning that credentials, account identifiers, or collection data may be sent to Brickset. In this context, the omission is meaningful because the same skill is otherwise presented as a general lookup tool, so users may not expect account-scoped access or external transmission of sensitive data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal