Security audit

Cheapcharts

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed public movie-price lookup helper, with optional public web enrichment but no hidden credential access, persistence, or destructive behavior.

Install only if you are comfortable with the agent making public web requests to CheapCharts and, for enrichment, sometimes IMDb, Movies Anywhere, or gift-card deal pages. Treat deal and gift-card advice as informational and verify prices before spending money.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill clearly depends on outbound network access to third-party CheapCharts infrastructure, yet the manifest does not declare that capability. This creates a permission/transparency gap: operators and policy gates may believe the skill is low-risk metadata-only content while it can actually perform live external requests and exfiltrate user queries to a remote service.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
This section explicitly instructs the agent to fetch content from IMDb, which is outside the stated CheapCharts-only scope and introduces an additional external dependency and data flow. Expanding to arbitrary third-party scraping increases network exposure, weakens least-privilege expectations, and can normalize uncontrolled outbound requests beyond the declared skill boundary.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documentation directs use of an unofficial internal endpoint and even states it was discovered by inspecting website network calls, which expands the skill beyond its declared public API surface. Using undocumented/internal endpoints is risky because behavior, authorization assumptions, and exposed fields can change without notice, potentially causing data leakage, unexpected breakage, or policy violations.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
This section expands the skill from CheapCharts API lookups into external-site browsing and heuristic enrichment using IMDb and Movies Anywhere-related data. Scope expansion increases attack surface, weakens user expectations about what data sources will be contacted, and may cause the agent to navigate arbitrary external content beyond the declared function of a simple price-lookup skill.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill encourages use of an unofficial internal endpoint discovered via website network inspection rather than the documented public API. Depending on non-public interfaces is risky because behavior, schema, and access expectations can change without notice, and it normalizes agent access patterns outside the reviewed/declared contract.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The gift-card section instructs the agent to consult external retail deal pages and promo-code-like offers unrelated to the core CheapCharts API lookup scope. This broadens browsing behavior and can steer users toward third-party commercial pages, increasing exposure to stale, manipulated, or unexpected content and creating a larger social-engineering surface.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Telling the agent to browse website pages and parse embedded JSON-LD as a fallback extends behavior from structured API use to arbitrary web-content processing. That makes the skill more susceptible to prompt injection, content manipulation, and brittle parsing from pages not covered by the original API trust model.

VirusTotal

60/60 vendors flagged this skill as clean.
