smartbi-cli

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly aligned with Smartbi CLI automation, but it asks for broad live BI authority, can fetch arbitrary external documentation links, and supports persistent tokens in local config without enough guardrails.

Install only if you trust the Smartbi CLI package and the configured sdk-server. Prefer `tokenEnv` over plaintext token storage, keep `~/.smartbi/config.yaml` out of synced or committed folders, and review any operation before allowing calls that create, modify, delete, export, or publish BI data. Be cautious with documentation links because the skill may fetch external URLs automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium, 91% confidence
Finding
The skill’s declared purpose is mapping BI intents to Smartbi CLI operations, but it also instructs the agent to fetch arbitrary external URLs found in documentation links via WebFetch. That expands the trust boundary beyond the Smartbi CLI/doc system and can expose the agent to prompt injection, data exfiltration attempts, or unintended outbound requests from attacker-controlled documentation.

Context-Inappropriate Capability

Medium, 88% confidence
Finding
The WebFetch capability is broader than the skill’s stated Smartbi CLI intent-routing function and is not tightly scoped to a specific trusted source. A malicious or compromised document could include links that cause the agent to retrieve unrelated external content, increasing the attack surface without a clear operational need.

Vague Triggers

Medium, 84% confidence
Finding
The trigger conditions are very broad and state that BI-related requests should default to invoking this skill, which can cause the agent to over-activate the workflow for loosely related prompts. In practice this increases the chance of unnecessary CLI execution, unintended access to configured Smartbi environments, and accidental disclosure or modification actions under an overly permissive routing policy.

Missing User Warnings

Medium, 89% confidence
Finding
The reference explicitly documents a plaintext `token` option in `~/.smartbi/config.yaml` and even provides an example of storing `token: "your-token"` on disk, but it does not include a clear warning about local secret exposure, file permission hardening, backups/sync leakage, or preference to avoid persistence where possible. In a CLI skill that handles live authentication to a remote BI service, this increases the chance that users will place reusable credentials in an unencrypted config file that may later be read by other local users, malware, shell tooling, or accidental commits.

VirusTotal

VirusTotal findings are pending for this skill version.