agentsecrets

Security checks across malware telemetry and agentic risk

Overview

This is a plausible secrets-management skill, but it gives an agent broad credential authority while overstating that the agent can never see secret values.

Review before installing. Use this only if you trust the AgentSecrets CLI and publisher, and require explicit confirmation before retrieving plaintext secrets, switching to production, syncing or pushing secrets, making authenticated API calls, or wrapping commands with secret-bearing environment variables. Prefer least-privilege credentials and non-production environments unless production use is deliberate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: High (99% confidence)
Finding
The skill repeatedly claims a zero-knowledge model where agents never see credential values, but later instructs use of `agentsecrets secrets get KEY_NAME`, explicitly noting it shows the value to the user. In an agent-operated context, invoking a value-revealing command can expose the secret to the agent runtime, logs, transcripts, or downstream tools, directly contradicting the stated security boundary.

Intent-Code Divergence

Severity: High (99% confidence)
Finding
The documentation creates a misleading security guarantee by asserting the agent never sees credential values while documenting a command that reveals them. This mismatch can cause users and integrators to trust the skill in environments where agent-visible secret disclosure is unacceptable, increasing the chance of credential leakage through chat history, terminal capture, or tool telemetry.

Missing User Warnings

Severity: Medium (86% confidence)
Finding
The README encourages agents to perform authenticated external API calls and to inject secrets into child-process environments, but it does not clearly warn users that these actions can transmit sensitive data off-host or expose credentials to subprocesses, logs, crash reports, or inherited environments. In an agent skill context, this omission is more dangerous because users may grant broad autonomy and assume the integration is safe by default, increasing the chance of unintended data disclosure or high-impact actions against production systems.

Missing User Warnings

Severity: Medium (91% confidence)
Finding
The skill includes commands that can transmit authenticated requests to external services and potentially reveal or misuse credentials, but it lacks a strong, user-facing warning about the risk of data exposure, side effects, and outbound transmission. In an agent context, normalizing these commands without consent or disclosure increases the risk of unintended API actions and leakage of sensitive metadata or secrets.

VirusTotal

VirusTotal findings are pending for this skill version.