new-api-usage

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, read-only usage checker, but run it only against trusted HTTPS endpoints, because it sends an API key to the chosen server.

Install only if you intend to query a new-api deployment you trust. Use HTTPS, verify the base URL, prefer a limited or revocable API key, and remember that command-line arguments and URL query parameters can appear in shell history, process listings, server logs, or proxy logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
93%
Finding
The skill performs outbound network access to user-specified endpoints but does not declare any permissions, creating a transparency and policy-enforcement gap. Even though the documented use is legitimate and read-only, undeclared network capability can enable unexpected data egress, SSRF-like access to internal services, or calls to untrusted hosts if the skill is invoked with attacker-controlled inputs.

Context-Inappropriate Capability

Severity
Medium
Confidence
99%
Finding
The usage request includes the API key in the URL query string even though the same key is already sent in the Authorization header. Query parameters are commonly logged by proxies, web servers, browser history, observability tools, and upstream infrastructure, so this unnecessarily increases the chance of credential disclosure.

Missing User Warnings

Severity
Medium
Confidence
98%
Finding
The script transmits the API key in the request URL without any warning to the user that their credential may be exposed in logs and monitoring systems. Because this skill explicitly asks users to supply a `--base-url` and `--key` to an arbitrary endpoint, the context makes the issue more dangerous: a user could send a live secret to an untrusted or misconfigured service where URL logging is enabled.

VirusTotal

63/63 vendors flagged this skill as clean.
