Opik Reporter

Security checks across malware telemetry and agentic risk

Overview

This skill needs Review because it advertises live Opik reporting but appears to generate hard-coded sample metrics and send them to a fixed Discord target.

Install only after reviewing the code and accepting that v1.0.0 does not provide real Opik telemetry. Replace the API-key-like value, remove user-specific paths, configure your own Discord destination, and avoid scheduled use until reports are either based on real data or clearly labeled as synthetic.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The documentation embeds a live-looking hardcoded Opik API key directly in the example configuration. Even if intended as an example, publishing credentials in skill docs normalizes unsafe secret handling, can expose a real token if reused, and enables unauthorized access to observability data and related metadata.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The script claims to fetch and analyze Opik traces but instead generates a fully hard-coded mock report. This is a supply-chain integrity issue because operators may trust and act on fabricated observability, masking real failures, costs, or incidents. In a reporting skill, false telemetry is security-relevant because it can hide outages or abuse and undermine incident response.

Intent-Code Divergence

High
Confidence: 95%
Finding
The header documents capabilities that the implementation does not provide, specifically real trace fetching and analysis. Misrepresentation of behavior increases risk because users may deploy the skill expecting trustworthy monitoring while actually receiving synthetic data, which can delay detection of security and reliability problems.

Missing User Warnings

Medium
Confidence: 93%
Finding
The top-level description states that traces, usage, costs, and errors are sent to Discord, but it does not clearly warn that potentially sensitive operational telemetry will be transmitted to a third-party platform. This can cause users to enable the skill without understanding that internal system metadata, failures, and possibly prompt-derived content may leave the primary environment.

Missing User Warnings

Medium
Confidence: 95%
Finding
The Discord push feature is presented as a core capability without any privacy, retention, or data exposure warning. In the context of observability reporting, traces and error details frequently contain sensitive operational information, so automatic forwarding to Discord materially increases the risk of unintended disclosure.

Missing User Warnings

Medium
Confidence: 87%
Finding
The script automatically transmits report content to Discord, an external service, without an explicit consent gate or clear warning at send time. In an observability context, reports may contain operational metadata, usage patterns, errors, and potentially sensitive details, so silent exfiltration to a third party increases privacy and data-handling risk.

VirusTotal

No VirusTotal findings
