test202603131551

Security checks across malware telemetry and agentic risk

Overview

This commodity quote skill is coherent and not malicious, but users should handle the Octagon API key carefully and treat market commentary as informational.

Install only if you trust OctagonAI and are comfortable running its MCP server through npx. Store the Octagon API key securely, avoid committing MCP config files, and treat the skill's price analysis as market information rather than financial or trading advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The setup document provisions a general-purpose Octagon MCP instance exposing tools for broad market intelligence, web scraping, and deep research, which exceeds the stated commodity-quote skill scope. This violates least privilege: a user enabling this skill may unknowingly grant an agent access to much broader data retrieval and external interaction capabilities than expected.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
This finding is a true issue. The referenced section provides trading signals and position-management guidance such as 'bullish continuation,' 'follow momentum,' and 'consider profit-taking' without a clear disclaimer that the material is informational only and not financial advice. In a skill explicitly designed to retrieve real-time commodity quotes, this increases the chance that users treat the content as actionable investment guidance, creating consumer-harm, compliance, and trust risks.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The instructions tell users to place the API key directly into shell command strings and JSON config files without warning about shell history, process listing, shared config files, or accidental check-in to version control. This increases the likelihood of credential leakage, which could allow unauthorized use of the Octagon account and any associated data access or billing consumption.

VirusTotal

65/65 vendors flagged this skill as clean.
