huazhuhelper

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but its default examples can send OAuth bearer tokens over plain HTTP and expose part of a token in logs.

Review before installing. Use only test credentials with the default test configuration, avoid sending production tokens to the default HTTP business endpoint, do not paste long-lived secrets into chat or source files, and remove token printing before running this in shared terminals, CI, or production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The skill sends authenticated API requests to the test business endpoint over plain HTTP while using a Bearer token obtained via OAuth2. Even in a test environment, transmitting tokens and hotel-query traffic without TLS allows network attackers to intercept or modify requests and responses, undermining the stated security model.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The module is presented as an OpenAPI hotel client, but its default business domain is an insecure HTTP test URL. Because this insecure URL is embedded as the default in reusable code, consumers may unknowingly deploy it and send Bearer tokens over cleartext, enabling interception or tampering.

Missing User Warnings

Medium
Confidence: 81%
Finding
The skill instructs users to provide clientId and especially clientSecret, but gives no guidance on secure handling, storage, redaction, or avoiding exposure in logs and chat transcripts. In an agent skill context, this increases the chance that long-lived credentials are pasted into conversational systems or saved insecurely.

Missing User Warnings

Medium
Confidence: 90%
Finding
The example code prints a portion of the access token, which normalizes exposing authentication material in console output and logs. Partial token disclosure can still aid correlation, debugging leakage, or accidental retention in CI logs and shared terminals, especially when combined with other metadata.

VirusTotal

VirusTotal findings are pending for this skill version.
