mcp-best-practices

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only MCP development guide with no hidden executable behavior, but some of its examples should be applied carefully in production.

Safe to install as an MCP development reference. Before copying examples into production, restrict CORS to trusted origins, validate Origin headers, require appropriate authentication for HTTP endpoints, avoid exposing local servers through public tunnels, and explicitly filter sensitive upstream fields instead of blindly passing full API responses through.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence: 90%
Finding: The guidance recommends `.passthrough()` as the default for upstream API output pass-through, which weakens output validation and can normalize acceptance of arbitrary extra fields. In an MCP server context, this can expose unintended sensitive fields from upstream responses to clients and reduce the effectiveness of schema-based safety boundaries, especially when developers cargo-cult the recommendation broadly.

Vague Triggers

Medium
Confidence: 91%
Finding: The skill description is extremely broad and tells the agent to use this skill for many generic MCP-related tasks, which increases the chance it will be auto-invoked in contexts where it is only partially relevant. Over-broad invocation scope can crowd out more specific skills, inject large amounts of guidance into unrelated workflows, and expand the attack surface if the skill content is ever poisoned or becomes stale.

VirusTotal

63/63 vendors flagged this skill as clean.