Birdfolio

Security checks across malware telemetry and agentic risk

Overview

Birdfolio is mostly purpose-aligned, but it automatically stores and publishes photo-derived content and may search local media folders too broadly.

Install only if you are comfortable with Birdfolio storing bird photos locally, sending your Telegram-linked sightings to its hosted API, and uploading generated cards to Cloudflare R2 where they may be public. Avoid using it with private or sensitive photos until it removes broad temp-folder searching, adds explicit upload consent, and documents retention/deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill exercises file writes, network access, and likely environment-dependent execution without declaring permissions, which undermines least-privilege enforcement and informed review. In this skill, those capabilities are actively used to store user photos, call remote services, and upload generated assets, so the omission is security-relevant rather than merely documentary.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding:
The manifest frames the skill as bird identification and life-list management, but the instructions also direct public upload of user-photo-derived cards, remote API synchronization, browser-based HTML rendering, and fetching remote images. This mismatch can bypass user and platform expectations about data handling and materially expands the attack surface, especially because public hosting and external network transfers affect user privacy.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The skill explicitly instructs the agent to search temp/media folders and a Windows APPDATA path to locate the most recently downloaded image if no attachment path is provided. That is dangerous because it expands access beyond the current message attachment, risks grabbing unrelated local files from other conversations or applications, and normalizes filesystem probing for user content.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill directs permanent storage of user-submitted bird photos in a local workspace without any notice, retention policy, or user consent. Because photos can contain sensitive metadata or personal context, silent retention increases privacy risk and broadens the impact of compromise or misuse of the workspace.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The skill instructs uploading a generated card based on the user's submitted photo to Cloudflare R2 and obtaining a public URL, without warning the user that the content will be publicly accessible. This creates a clear privacy exposure because user imagery or derived content may become internet-accessible, link-shareable, and retained outside the local workspace.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The script transmits user-linked sighting data, including a persistent Telegram identifier and optional notes, to a remote API without any built-in user notice, consent check, or transport-safety validation. In a skill that handles personal activity history and geotemporal sighting metadata, silent transmission can create privacy risk, especially if operators or users assume data remains local.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
This script uploads a caller-specified local PNG to Cloudflare R2 and returns a public URL, but it provides no user-facing consent, confirmation, or boundary checks around what content is being sent off-system. In a skill context, that can lead to unintended exfiltration of local files if another component passes sensitive images or mislabels arbitrary files as PNGs for publication.

VirusTotal

64/64 vendors flagged this skill as clean.