ClawHub

Paperless Api

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated Paperless-ngx upload purpose, but it handles sensitive documents and an API key with weak transport and credential guidance that users should review before installing.

Review before installing. Use this only with a Paperless-ngx server you control, prefer HTTPS with certificate verification enabled, avoid placing API keys directly in commands or logs, and confirm the exact file and destination before each upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documents and enables outbound network access to a user-supplied Paperless-ngx host, but no permissions are declared to make that capability explicit. This creates a transparency and policy-enforcement gap: users or tooling may not realize the skill can transmit documents and metadata over the network, increasing the risk of unintended exfiltration or use against an unsafe host.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The code unconditionally sets verify=False on the HTTPS request, disabling certificate validation for all uploads. This makes the API key, document contents, and metadata vulnerable to man-in-the-middle interception or tampering when communicating over HTTPS, especially because this skill is specifically designed to transmit sensitive documents to a remote service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation includes a realistic plaintext API key example and does not warn that credentials are sensitive or should never be hardcoded, logged, or committed. Even if the shown key is only an example, this normalizes unsafe secret-handling practices and increases the chance that users will paste real tokens into commands, shell history, screenshots, or source control.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal