Better Auth

Security checks across malware telemetry and agentic risk

Overview

This auth setup skill is mostly coherent, but it includes copyable authentication examples with unsafe CORS and an admin-labeled route that does not actually enforce admin access.

Review before installing or using in production. The skill does not look malicious, but do not copy its auth route examples verbatim: replace reflected CORS origins with a strict allowlist, add real rate limiting for sign-in/sign-up/reset flows, and enforce server-side admin authorization before exposing any user list or admin API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The setup summary explicitly states that rate limiting is included, but no rate-limiting middleware, per-route throttling, or provider-specific protection is actually configured anywhere in the instructions. In an authentication skill, this can mislead users into deploying login, signup, password reset, or OTP endpoints without brute-force and abuse controls, increasing exposure to credential stuffing, account enumeration, and resource exhaustion.

Intent-Code Divergence

Medium
Confidence: 99%
Finding
The code enables credentialed CORS on /api/auth/* while reflecting any Origin value back to the client via origin: (origin) => origin. For authentication endpoints, this effectively trusts arbitrary origins and can allow unauthorized cross-origin authenticated requests from attacker-controlled sites, undermining same-origin protections and exposing users to cross-site request abuse depending on browser and cookie settings.

Intent-Code Divergence

High
Confidence: 99%
Finding
This is a real access-control vulnerability. The endpoint is labeled and structured as admin-only, but the authorization check is commented out, so any authenticated user can retrieve the full user list including identifiers and email addresses. In an authentication/reference skill, this is especially dangerous because developers may copy this example into production and assume the route is already safely restricted.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The CORS configuration reflects any requesting Origin while also allowing credentials, which effectively permits authenticated cross-origin requests from arbitrary websites. In an authentication integration, this can expose session-backed endpoints and sensitive user data to untrusted origins if browser cookie and origin conditions are met, especially because the surrounding comment implies a safer allowlist approach than what is actually implemented.

VirusTotal

65/65 vendors flagged this skill as clean.
