obs

Security checks across malware telemetry and agentic risk

Overview

This OBS skill is purpose-aligned, but it should be reviewed because it handles powerful OBS credentials and destructive actions with weak guardrails and risky shell helper behavior.

Review before installing. Use a dedicated least-privilege OBS token, avoid putting the token in shell startup files, never paste full oscrc or OBS_* output into support chats or logs, and manually approve any delete, upload, rebuild, permission, or request accept/reject action. Prefer using this only in a test or non-production OBS namespace until the credential-handling warnings and shell helper issues are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation explicitly instructs users to run `cat ~/.config/osc/oscrc` and `env | grep OBS_` to troubleshoot authentication. Those commands can expose API tokens or passwords in plaintext on screen, in shell history, terminal logs, screen recordings, or shared support transcripts, and the file provides no warning or safer alternative.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill advertises destructive and privileged operations such as deleting projects/packages, modifying access controls, accepting/rejecting requests, and managing permissions without prominent safety guidance, confirmation requirements, or least-privilege cautions. In an agent setting, this increases the chance that a user or autonomous workflow triggers irreversible administrative actions against a live OBS instance.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation instructs users to place API tokens in environment variables and an oscrc file, but it does not clearly warn about token sensitivity, local file permissions, shell history leakage, log exposure, or secure secret storage practices. In a tool or agent environment, this can lead to credential disclosure and subsequent unauthorized access to OBS projects and packages.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script appends the OBS API token in plaintext to the user's shell startup file, creating long-lived credential exposure. This increases the chance of accidental disclosure through backups, dotfile syncing, terminal support bundles, or other local processes/users that can read the file.

VirusTotal

66/66 vendors flagged this skill as clean.
