Mcp Builder test

Security checks across malware telemetry and agentic risk

Overview

This is a coherent MCP server development guide with optional, user-run evaluation scripts, but those scripts and examples should only be used with trusted servers and non-sensitive test data.

Install if you want an MCP-building guide. Run the included evaluation scripts only against trusted local or test MCP servers, with least-privilege credentials and non-sensitive data; avoid production write-capable tools unless isolated and reviewed, and be cautious when saving evaluation reports because they may include prompts and tool outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill instructs the agent to create files and interact with MCP infrastructure, but it declares no permissions. That mismatch can cause the skill to obtain or encourage capabilities beyond what users and policy expect, reducing transparency and undermining least-privilege review. In a skill that guides MCP server development, undeclared write and network capabilities are more concerning because they naturally lead to code generation, local project modification, and external service interaction.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding: The declared description presents the skill as a development guide, but the behavior also encompasses connecting to arbitrary MCP servers, invoking their tools, parsing evaluation inputs, and running model-based evaluations. That gap is dangerous because users and reviewers may approve the skill expecting passive documentation assistance while it can drive active external interactions and tool execution against remote or local endpoints. In this context, undisclosed MCP connectivity materially increases the risk of unintended data exposure, unsafe tool invocation, or execution against untrusted servers.

Missing User Warnings

Severity: Medium
Confidence: 71%
Finding: The HTTP transport example shows exposing an MCP endpoint over Express without any adjacent warning about authentication, transport security, or the fact that request contents may be transmitted to a remote server. In a skill meant to guide server creation, omission of these safeguards can lead developers to deploy an internet-reachable endpoint that accepts sensitive prompt/tool data without proper access controls.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The guide includes a resource example that reads `./docs/{name}` directly from user-controlled input without any discussion of path validation, canonicalization, or directory confinement. In a security-sensitive guide for building MCP servers, this can normalize unsafe file-access patterns and lead implementers to ship path traversal vulnerabilities that expose arbitrary local files.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: When an output path is provided, the script writes a report containing the original questions, expected answers, model summaries, feedback, and tool-call metadata to disk without any explicit warning, consent, or redaction step. In this evaluation harness, those fields can include sensitive prompts, proprietary test data, or secrets surfaced by tool interactions, so silent persistence increases the risk of unintended data retention and later disclosure.

Ssd 3

Severity: Medium
Confidence: 98%
Finding: The system prompt explicitly instructs the model to include the inputs provided to each tool and the outputs received from each tool in its summary. Because the resulting summary is collected into the evaluation results and may be printed or written to disk, this design directly encourages exfiltration of secrets, tokens, personal data, or other sensitive backend responses into logs and reports.

VirusTotal

59/59 vendors flagged this skill as clean.
