ClawHub

Fabric.co API skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Fabric API helper that uses a Fabric API key to read and manage Fabric workspace content, with no hidden persistence, exfiltration, or automatic destructive behavior found.

Install only if you want an agent to access and change your Fabric workspace. Use a scoped or revocable Fabric API key if available, keep FABRIC_BASE pointed at the real Fabric API unless you intentionally use another trusted endpoint, avoid --with-key for arbitrary absolute URLs, and review delete, recover, bulk-write, and file-upload operations before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly uses sensitive capabilities—environment variables for API keys, file reads for local helper/spec files, and outbound network access to the Fabric API—but does not declare explicit permissions. That mismatch weakens platform-level transparency and policy enforcement, making it easier for an agent or user to invoke a skill with broader effective access than expected.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Accepting an access token in the query string is dangerous because query parameters are commonly logged by clients, proxies, browsers, analytics systems, and server infrastructure. That increases the chance of credential disclosure and replay, especially for shared links, debugging output, or intermediary network components.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The recovery endpoint permits a bearer-style token in the URL query string, which risks exposure through logs, monitoring systems, referrer leakage, and browser history. Because the endpoint performs state-changing operations, a leaked token could be reused to restore resources without the user's intent.

Missing User Warnings

High
Confidence
99% confidence
Finding
Placing an access token in the query string for a destructive delete operation is especially risky because leaked URLs can directly enable unauthorized deletion or archival actions. The combination of credential exposure and high-impact state change substantially raises the severity versus a read-only endpoint.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Allowing access tokens in the query string on the space creation endpoint creates avoidable credential exposure through standard URL handling and observability pipelines. A leaked token could be replayed to create unauthorized spaces or used against other permitted API operations if the token has broader scope.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal