ClawHub

Twhidden Bitwarden

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Bitwarden/Vaultwarden integration, but it gives an agent broad ability to read, create, edit, and delete vault credentials without built-in confirmations.

Install only if you are comfortable letting an agent access the configured Bitwarden/Vaultwarden account. Prefer a dedicated limited vault account, require explicit approval for read/create/edit/delete/register actions, avoid storing your primary master password in shared or backed-up plaintext files, and run lock/logout when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill is presented primarily as a password-management integration, but it also supports account registration by deriving cryptographic registration data and directly calling the server registration API. This broadens the operational scope into account creation, which could be abused for unauthorized account provisioning or unexpected outbound handling of highly sensitive credentials if agents invoke it autonomously.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The README instructs users to store a master password in a plaintext environment file and demonstrates commands that retrieve secrets, but it does not clearly warn that shell history, process output, logs, backups, or multi-user environments may expose those secrets. In a password-manager integration, weak guidance around handling retrieved credentials materially increases the chance of accidental secret disclosure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The delete path permanently removes a vault item with no confirmation, dry-run, or safety interlock. In a password manager context, accidental or prompt-manipulated deletion can cause credential loss, service lockout, or destruction of recovery data, making this more dangerous than a typical CRUD script.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal