Insforge

Security checks across malware telemetry and agentic risk

Overview

This is documentation rather than executable malware, but it mixes frontend SDK guidance with privileged backend, credential, and bulk data operations that need careful review.

Install only if you are intentionally building with InsForge and will review generated code before applying it. Do not put admin tokens or API keys in frontend code, do not log access or refresh tokens, and treat SQL/RLS/SECURITY DEFINER, user deletion, and bulk import examples as backend-admin tasks requiring explicit approval, backups, and least-privilege credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding: The skill claims to be limited to client-side SDK integration, but it embeds substantial backend SQL guidance for triggers, RLS, and database-side publishing. This scope mismatch can cause an agent to generate or suggest privileged backend changes in the wrong context, increasing the chance of unsafe configuration changes or bypassing intended review boundaries.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding: The documentation first instructs users to use insforge-cli for backend configuration, but later provides direct backend SQL and HTTP configuration steps within the same skill. This contradictory guidance weakens safety boundaries and can lead agents to ignore separation-of-duties controls, performing sensitive backend setup from a skill that users may trust as frontend-only.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding: This frontend SDK integration guide mixes in backend SQL schema management, RLS policy creation, triggers, and a privileged HTTP bulk-upsert API. In a skill explicitly meant for frontend code, this scope confusion can cause an agent or developer to surface admin-only or infrastructure instructions in an unsafe client-side context, increasing the chance of exposing privileged operations or misusing elevated credentials.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding: The file documents a bulk-upsert endpoint authenticated with an admin token or API key inside a frontend database SDK integration guide. Because the skill is intended to help generate frontend code, this creates a substantial risk that an agent or developer will embed or route privileged credentials into client-accessible code paths, enabling full-table overwrite, mass data import, or unauthorized modification if exposed.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The example encourages sending files to an AI service and enabling web search from frontend code without any warning about data disclosure, third-party processing, or user consent. In a frontend integration skill, this is materially risky because developers may copy the example directly and transmit sensitive documents or prompts to external AI/search providers without privacy review or disclosure.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding: The image-generation example immediately uploads generated output to storage but does not warn that this persists content beyond the transient AI response. In a frontend skill, omission of persistence warnings can lead developers to store sensitive, copyrighted, or policy-sensitive generated images without retention controls or user awareness.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The documentation explicitly logs `data.session.accessToken`, which is a sensitive credential. In frontend auth integrations, developers often copy examples verbatim; logging tokens can expose them through browser consoles, shared screenshots, crash reports, remote debugging tools, or third-party log collection, enabling session theft.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The bulk-upsert section omits warnings about uploading sensitive files, conflict-based overwrites, and the blast radius of importing directly into a table. In combination with the documented admin-token authentication, this omission can normalize dangerous usage and lead to accidental exposure, corruption, or mass overwrite of sensitive data.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: Stating that the SDK automatically includes the user's auth token without warning about transmission scope, endpoint trust, and logging risks can lead developers to send bearer tokens to functions or routes without understanding the privacy and security implications. In a frontend integration skill, this is more dangerous because readers may invoke arbitrary or third-party-backed functions and inadvertently propagate sensitive credentials.

VirusTotal

66/66 vendors flagged this skill as clean.