apishield

Security checks across malware telemetry and agentic risk

Overview

APIShield is a local API-route security scanner with disclosed optional git-hook and report-writing features; install only if you are comfortable with those repository changes when explicitly invoked.

Use this skill for local API-route auditing. Run scans against an explicit directory when possible, review `APISHIELD-REPORT.md` before committing it, and run `hooks install` only if you intentionally want APIShield to add lefthook-based pre-commit checks to the repository.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding:
The declared description frames the skill as a narrow API route scanner, but the documented behavior is materially broader: it installs git hooks, reads local config and environment licensing data, performs tier-gated logic, and generates additional reports and inventories. This mismatch can mislead users and orchestration systems about side effects and data access, increasing the chance of unintended repository modification or collection/use of sensitive local information.

Vague Triggers

Medium
Confidence: 84%
Finding:
The invocation phrases are broad and overlap with common user requests, which can cause the skill to trigger in situations where the user did not clearly consent to filesystem-wide scanning or other side effects. In an agent setting, ambiguous trigger boundaries raise the risk of overbroad execution against sensitive directories or unintended operational changes.

Vague Triggers

Medium
Confidence: 86%
Finding:
The example usage scenarios map vague natural-language requests directly to `apishield scan .`, which defaults to scanning the current directory. That behavior is potentially dangerous in an agent context because a casual security question could trigger broad local analysis of unrelated or sensitive files without clear user intent.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The hook installation path modifies repository configuration and installs Git hooks without any explicit user confirmation or dry-run step. In a developer tool, silently changing repo state can surprise users, create persistence in the development workflow, and may execute additional scanning logic on future commits.

VirusTotal

65/65 vendors flagged this skill as clean.
