Byted Viking Developer

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Viking SDK helper, but several copy-paste examples normalize unsafe handling of credentials, sensitive memory data, and mutating operations.

Review examples before copying them into production: use HTTPS/TLS wherever possible, protect AK/SK and API keys with a secrets manager, avoid logging full memory/session responses or temporary links, verify filters before update/delete tasks, and do not send sensitive documents, images, prompts, or user profiles unless your privacy and retention requirements allow it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (52)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding:
The document explicitly instructs users to replace the public domain with a PrivateLink endpoint domain and states that the endpoint only supports HTTP, not HTTPS. Even on a private network, HTTP removes transport encryption and weakens confidentiality and integrity guarantees, exposing requests and responses to interception or tampering by compromised internal hosts, misconfigured network devices, or lateral-movement adversaries.

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding:
The sample code hardcodes `r.set_shema("http")`, directly embedding insecure transport into integration guidance. Developers commonly copy documentation examples verbatim, so this pattern propagates plaintext transport into production clients and normalizes insecure defaults for authenticated API calls.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding:
The example initializes an authenticated client with scheme="http", which disables transport encryption for requests to the service. Because the same sample also configures AK/SK-based authentication, this can expose credentials and sensitive API traffic to interception or modification by any network adversary, especially if users copy the example verbatim.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The sample code explicitly sets the request schema to "http" and then sends an authenticated request, while the surrounding API documentation does not clearly justify or constrain this to a signing-only internal detail. In practice, readers may copy the example verbatim, causing signed requests and potentially sensitive metadata to traverse the network without transport encryption, enabling interception or tampering.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The document states that requests must use an HMAC-SHA256 Authorization header, but the sample code uses a Bearer API key instead. This mismatch can cause developers to implement the wrong authentication scheme, leading to failed requests, insecure integrations, or accidental deployment of weaker or unsupported auth handling if they mirror the example directly.

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding:
The documentation states the API requires an HMAC-SHA256 Authorization header, but the example code uses a Bearer API key. This inconsistency can cause developers to implement the wrong authentication scheme, leading either to failed authentication, accidental weakening of access controls in downstream integrations, or insecure ad hoc workarounds when the documented and sample behaviors do not match.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The document states that requests use an Authorization header with HMAC-SHA256, but the only concrete example uses APIKey auth and does not demonstrate the documented signing flow. This inconsistency can cause developers to implement the wrong authentication method, leading to failed integrations, weakened trust assumptions, or accidental use of less appropriate auth patterns in production.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The document states that requests use an HMAC-SHA256 Authorization header, but the Python example uses an APIKey auth object over plain HTTP and does not show the required signing flow. This inconsistency can cause developers to implement weaker or incorrect authentication, leading to failed requests, accidental credential exposure, or insecure integrations if they assume the example is authoritative.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The page claims to document a bulk delete task (`filter_delete`), but the example and API usage describe an update flow instead. In an SDK integration context, this kind of semantic mismatch can cause developers to perform the wrong destructive or mutating operation in production, leading to integrity loss or unintended data modification.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding:
The inline comment explicitly says '创建更新任务' ("create update task") on a page for `FilterDelete`, confirming that the sample code was copied from an update scenario. Such contradictory guidance increases the risk that developers will trust the page title while copying code that performs a different operation, causing accidental data mutation or failed safety review of destructive workflows.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding:
This workflow uploads documents, performs remote retrieval, and sends query/context data to external cloud services, but the documentation does not clearly warn users that potentially sensitive content will leave their environment. In a developer integration guide for knowledge base and RAG workflows, this omission can lead to accidental exfiltration of proprietary or regulated data by users who treat the sample as routine local processing.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The example retrieves knowledge-base content and concatenates it into a system prompt that is then sent to the chat completion API, but the documentation does not clearly warn that retrieved document text may be transmitted to a model endpoint. In a developer-facing SDK reference, this omission can cause accidental disclosure of sensitive, proprietary, or regulated data because implementers may copy the sample without adding data-classification checks, consent, or minimization controls.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The documentation encourages sending query text, prior conversation history, and image URLs/Base64 content to the search API without clearly warning that these inputs are transmitted to remote knowledge base and model-side processing services. In an SDK integration context, developers may unknowingly pass sensitive user data, creating privacy, compliance, and data-handling risks.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding:
The get_attachment_link option returns temporary links that expose attachment content, but the documentation does not clearly warn about the sensitivity of those links or the risk of sharing/logging them. Developers may treat them as harmless metadata and inadvertently leak access to protected attachments through logs, client-side exposure, or message sharing.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The example configures the SDK with `scheme="http"` while the documented API returns highly sensitive session data including raw messages, event memories, token usage, and user/assistant identifiers. Sending authenticated requests over cleartext HTTP can expose API credentials and conversation contents to interception or modification by network attackers, and the documentation provides no warning that this is unsafe or for local/testing use only.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
This sample shows credentials being used to create an authenticated client and then sending requests over plain HTTP without any warning. Plain HTTP allows eavesdropping and tampering, so AK/SK and subsequent service operations may be exposed on the network; in SDK reference documentation, this is especially dangerous because developers often treat examples as authoritative and production-ready.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The example initializes the client with scheme="http", so authentication material and memory contents are sent to a remote service without transport encryption. Because the code also uploads conversation sessions and user profile data, this creates a real risk of credential leakage, interception of personal data, and tampering via man-in-the-middle attacks.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
In a signed-authentication scenario, the sample code explicitly sets the request protocol to HTTP (r.set_shema("http")), so requests carrying the Authorization signature header are sent over the network in plaintext. Even though the AK/SK themselves are not transmitted directly, an attacker can eavesdrop on or tamper with requests and replay already-signed requests, and the documentation gives no security guidance that HTTPS must be used, keys must be protected, and hardcoded credentials must be avoided, making it easy for developers to copy the sample verbatim into production code.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding:
The sample code explicitly sets the request schema to "http" while using HMAC-signed authentication headers, causing signed requests and potentially sensitive configuration data to be transmitted without transport encryption. HMAC protects integrity/authentication but does not provide confidentiality, so an attacker on the network path can observe request contents, metadata, and replay-relevant details or manipulate traffic in ways the documentation does not adequately warn about.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding:
The sample code explicitly sets the request scheme to HTTP while attaching an HMAC-signed Authorization header. Although the signature protects request authenticity, plaintext transport still exposes request metadata and response contents to interception or tampering via downgrade/MITM conditions, and it encourages insecure integration by developers copying the example verbatim.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The documentation shows AK/SK credentials embedded directly in source variables, without any warning about secure secret handling. Even though placeholders are used, developers commonly copy such patterns into production code, which can lead to hardcoded credentials being committed to repositories, leaked in logs, or reused insecurely across environments.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The example performs a live network request over cleartext HTTP while including an Authorization HMAC-SHA256 header. Even if the secret key itself is not sent directly, the authenticated request, headers, and payload can be observed or modified by an attacker on the network, undermining confidentiality and potentially enabling replay or request manipulation depending on server-side protections.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The documentation shows AK/SK variables inline in executable sample code without any warning against hardcoding secrets. Developers commonly paste such examples into applications, tests, notebooks, or repositories, increasing the risk that long-lived credentials are stored in source control, logs, or shared environments.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The API description and example response show that event-memory search can return original conversation transcripts, ratings, identifiers, and linked media URLs, but the document does not warn users that responses may contain sensitive personal or confidential content. Without explicit guidance, developers may log, expose, or over-broaden access to highly sensitive memory data in downstream systems.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding:
The sample code explicitly sets scheme="http" while using API-based authentication to access a memory retrieval service. This can expose authentication material, request contents, and retrieved memory data to interception or tampering by any network attacker on the path, and the skill context makes this more dangerous because the endpoint handles memory/profile data that may contain sensitive user information.

VirusTotal

66/66 vendors flagged this skill as clean.