ClawHub

EdgeOne Pages Deploy

Security checks across malware telemetry and agentic risk

Overview

This deployment skill is mostly coherent, but it tells the agent to print tokenized access URLs in full, which can expose access-bearing links in chat logs and shared transcripts.

Review before installing. The skill does not appear malicious, but treat any EdgeOne deployment URL containing eo_token or eo_time as sensitive: do not paste it into public chats, issue trackers, logs, or screenshots. Only save the EdgeOne API token locally if you understand that it has account-level permissions and will be stored in plaintext under .edgeone/.token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill explicitly requires the agent to reveal the full deployment URL including eo_token and eo_time query parameters, which appear to function as bearer-style access credentials. Displaying or logging credential-bearing URLs increases the risk of accidental disclosure through chat transcripts, logs, screenshots, browser history, and shared terminals.

Ssd 3

High
Confidence
99% confidence
Finding
This instruction mandates exposing a credential-bearing deployment URL in full, making the agent actively disclose a sensitive tokenized link. Because the parameters are required for access, anyone who obtains the URL may gain access to the deployed content, turning normal output handling into secret leakage.

Ssd 3

High
Confidence
99% confidence
Finding
The post-deployment output template tells the agent to show the full access URL containing tokenized query parameters back to the user. In a conversational agent setting, that behavior can permanently record access credentials in transcripts and observability systems, broadening exposure far beyond the intended recipient.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal