ClawHub

Quark Netdisk

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Quark Drive purpose, but it needs Review because some cloud-file mutations can run without the confirmation the skill promises.

Install only if you are comfortable granting this skill ongoing access to the linked Quark Drive account. Configure a narrow references/config.json before use, keep session/cookie/token files private, set expiry and passcodes intentionally for share links, and manually confirm rename/move intent until those commands enforce confirmation in code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises substantial capabilities—network access, file read/write, shell execution, and environment access—but does not declare permissions. This creates a transparency and governance gap: operators and users cannot reliably assess what the skill may access, making it easier for a misconfigured or compromised implementation to exceed expected trust boundaries.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The module advertises and implements rename, move, copy/delete-style capabilities that expand beyond the narrower skill description, increasing the effective authority of the skill. Even though path allowlisting exists for some helpers, these lower-level fid-based primitives can still be invoked directly by higher layers and create a broader destructive surface than users may expect.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
`delete_file` issues a permanent remote deletion via `file/delete` with no built-in confirmation, recycle-bin routing, or safety interlock. In a cloud-drive automation skill handling authenticated user content, accidental invocation or misuse could irreversibly destroy user data at account scope.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
### Destructive
- `rename <src_path> <new_name>`
- `mv <src_path> <dst_dir>`
- `rm <src_path> --confirm` (soft-delete into `/OpenClaw/.trash`)
- `purge-trash --days <n> --confirm`

## Troubleshooting
Confidence
89% confidence
Finding
rm <src_path> --confirm` (soft-delete into `/OpenClaw/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal