Byted Bytehouse Slow Query

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it runs an unpinned remote MCP server with ByteHouse credentials and the full local environment, so users should review it before installing.

Install only if you trust the upstream MCP server source. Prefer pinning the GitHub dependency to a reviewed commit, running with a read-only least-privileged ByteHouse account, using a clean environment containing only required BYTEHOUSE_* variables, and treating generated JSON reports as sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding:
The skill documents use of environment variables, MCP access, and writing analysis results to local files, but it does not declare corresponding permissions or boundaries. This creates a transparency and governance gap: an agent or reviewer may underestimate the skill's access to credentials, database-backed data, and filesystem outputs, increasing the chance of unsafe invocation or data handling.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding:
The activation criteria are broad keyword-style triggers such as '慢查询', '查询优化', and '性能分析' without clear constraints on tenant, environment, or user authorization. In an agent setting, this can cause the skill to activate for loosely related requests and retrieve or analyze database query history that may contain sensitive operational or business data.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The documentation says the skill writes slow query lists, statistics, and optimization suggestions to files, but it does not warn that query text, identifiers, table names, literals, and access patterns may be sensitive. Persisting this data in JSON files can expose credentials, PII, business logic, or internal schema details if the workspace is shared, synced, or insufficiently protected.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The script copies the full parent environment and explicitly passes it into a spawned MCP server process started from a remote GitHub source. This can expose sensitive credentials such as BYTEHOUSE_PASSWORD and any other unrelated secrets in the runtime environment to the child process, expanding the trust boundary and increasing the risk of credential leakage if the server or its dependencies are compromised.

VirusTotal

64/64 vendors flagged this skill as clean.