CDISC Library API Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate CDISC API helper, but it handles local credentials in an under-scoped way that users should review before installing.

Install only if you are comfortable with a skill that contacts the CDISC API using a local API key, caches API responses, and can read batch query files or write exports when invoked. Prefer setting CDISC_API_KEY in your environment instead of putting secrets in TOOLS.md, and avoid installing it in workspaces where TOOLS.md contains unrelated API keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation indicates capabilities to read environment variables, read and write local files, and make network requests, but it does not declare permissions or clearly bound those actions. This creates a transparency and consent problem: users or hosting platforms may not realize the skill can access secrets, process local files, or persist exported/cache data, increasing the chance of unintended data exposure or policy bypass.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The declared purpose focuses on querying CDISC standards, but the documented behavior also includes reading API keys from TOOLS.md or environment variables, batch-reading local files, exporting local files, cache management, and querying documents/rules. This mismatch can mislead reviewers and users about the actual trust boundary and side effects, making it easier for sensitive file access or data persistence features to be enabled without informed consent.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The client explicitly searches a repository-level TOOLS.md file for an API key, which amounts to credential harvesting beyond what this functionality requires. In an agent or shared workspace context, this can silently consume secrets intended for other tools and create unintended credential access paths without clear user consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to place an API key into a local documentation file (`TOOLS.md`) but gives no guidance about keeping that file out of version control, restricting permissions, or using environment variables/secret stores instead. This creates a realistic risk of accidental credential exposure through commits, screenshots, backups, or sharing the repository with others.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises CSV/JSON export and batch processing of a user-supplied file without warning that it will create local files and read local content. In practice, this can lead to accidental disclosure of sensitive local data, unsafe file-path handling, or unexpected persistence of regulated clinical metadata on disk.
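The path-handling and persistence concern in this finding is easiest to see next to a hardened version. The following is an added example, not the skill's own code: it confines user-supplied export and batch-input paths to a declared workspace directory, rejects anything that resolves outside it (`..`, absolute paths, symlinks), creates export files with owner-only permissions, and announces each write so the user knows data was persisted. All function names, the `exports` subdirectory, and the sample rows are assumptions constructed for the demonstration.

```python
"""Added example (hypothetical, not the skill's code): confining export and
batch-input paths to a workspace and writing exports with restrictive modes."""
import json
import os
import tempfile
from pathlib import Path


class PathOutsideWorkspace(ValueError):
    """Raised when a user-supplied path escapes the declared workspace."""


def confine(workspace: Path, user_path: str) -> Path:
    """Resolve user_path against workspace and refuse anything that escapes it.

    Both sides are fully resolved, so '..' segments, absolute paths and
    symlinks that point outside the workspace are all rejected the same way.
    """
    root = workspace.resolve()
    candidate = (root / user_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathOutsideWorkspace(f"{user_path!r} resolves outside {root}") from None
    return candidate


def read_batch_queries(workspace: Path, user_path: str, notify=print) -> list:
    """Read one query per line from a file that must live inside the workspace,
    and tell the user which local file is being read."""
    path = confine(workspace, user_path)
    notify(f"reading batch queries from {path}")
    return [line.strip() for line in path.read_text().splitlines() if line.strip()]


def write_export(workspace: Path, name: str, rows: list, notify=print) -> Path:
    """Write a JSON export only under workspace/exports, mode 0600, and announce it."""
    out = confine(workspace / "exports", name)
    out.parent.mkdir(parents=True, exist_ok=True)
    # os.open with an explicit mode avoids a world-readable file under a loose umask.
    fd = os.open(out, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(rows, fh)
    notify(f"wrote {len(rows)} rows to {out}")
    return out


def demo() -> dict:
    """Exercise the confinement in a throwaway workspace with constructed data.

    Returns {user_path: (outcome, file_mode)} for one legitimate export name
    and two escape attempts.
    """
    sample_rows = [{"codelist": "EXAMPLE", "term": "constructed sample"}]
    results = {}
    with tempfile.TemporaryDirectory() as d:
        ws = Path(d)
        for p in ["ct/terms.json", "../../etc/passwd", "/tmp/evil.json"]:
            try:
                out = write_export(ws, p, sample_rows, notify=lambda m: None)
                results[p] = ("ok", oct(out.stat().st_mode & 0o777))
            except PathOutsideWorkspace:
                results[p] = ("rejected", None)
    return results


if __name__ == "__main__":
    for user_path, outcome in demo().items():
        print(f"{user_path!r}: {outcome}")
```

The same `confine()` guard serves both directions of file access the finding mentions (reading a batch file and writing an export), so a reviewer has one place to check that the skill cannot be steered outside the workspace.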

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code reads credentials from TOOLS.md without any user-facing notice, confirmation, or audit signal, so users may not realize the skill is accessing repository secrets. In a multi-skill or agent environment, that hidden secret access increases the chance of unauthorized or surprising use of credentials.
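The three TOOLS.md findings above (harvesting beyond need, no guidance on protecting the file, and no user-facing notice) share one fix, so one added example covers them. This is hypothetical code, not the skill's own: it shows the under-scoped pattern the findings describe, a loose scan that lifts every key-like value out of a shared TOOLS.md, beside a scoped lookup that prefers the `CDISC_API_KEY` environment variable recommended in the overview, falls back to a file only when given an explicit path, refuses group- or world-readable files, extracts only the one named key, and announces every file read. The regex, function names and the sample TOOLS.md contents are constructed for the demonstration.

```python
"""Added example (hypothetical, not the skill's code): under-scoped TOOLS.md
credential harvesting beside a scoped, auditable CDISC_API_KEY lookup."""
import os
import re
import stat
import tempfile
from pathlib import Path
from typing import Optional

# Constructed sample of a shared-workspace TOOLS.md that also holds other tools' secrets.
SAMPLE_TOOLS_MD = """# Tools
CDISC_API_KEY: cdisc-0123456789abcdef
OPENAI_API_KEY: sk-unrelated-secret
SLACK_TOKEN: xoxb-unrelated-secret
"""

# Matches lines like NAME_KEY: value or NAME_TOKEN=value.
KEY_LINE = re.compile(r"^\s*([A-Z][A-Z0-9_]*(?:KEY|TOKEN))\s*[:=]\s*(\S+)", re.M)


def harvest_tools_md(text: str) -> dict:
    """Under-scoped pattern: collect every key-like value in TOOLS.md.
    In a shared workspace this silently consumes secrets meant for other tools."""
    return {name: value for name, value in KEY_LINE.findall(text)}


def load_cdisc_key(env: dict, tools_md: Optional[Path] = None, notify=print) -> Optional[str]:
    """Scoped lookup.

    1. CDISC_API_KEY from the environment wins and no file is touched.
    2. A file is consulted only when the caller passes an explicit path, and
       only if it is not group- or world-readable (chmod 600).
    3. Only the CDISC_API_KEY line is extracted; other tools' secrets are ignored.
    4. Every file access, including refusals, is announced through notify().
    """
    key = env.get("CDISC_API_KEY")
    if key:
        return key
    if tools_md is None:
        return None
    mode = tools_md.stat().st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        notify(f"refusing to read {tools_md}: mode {stat.filemode(mode)} is too broad, use chmod 600")
        return None
    notify(f"reading CDISC_API_KEY from {tools_md}")
    for name, value in KEY_LINE.findall(tools_md.read_text()):
        if name == "CDISC_API_KEY":
            return value
    return None


def demo_file_fallback(mode: int):
    """Write the constructed TOOLS.md into a temp dir with the given mode and run
    the scoped lookup against it with an empty environment. Returns (key, notices)."""
    notices = []
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "TOOLS.md"
        path.write_text(SAMPLE_TOOLS_MD)
        os.chmod(path, mode)
        key = load_cdisc_key({}, path, notify=notices.append)
    return key, notices


if __name__ == "__main__":
    print("harvested (under-scoped):", sorted(harvest_tools_md(SAMPLE_TOOLS_MD)))
    print("env wins:", load_cdisc_key({"CDISC_API_KEY": "from-env"}))
    print("0600 file:", demo_file_fallback(0o600))
    print("0644 file:", demo_file_fallback(0o644))
```

The permission check uses the file's mode bits rather than whether the current user can read it, so a TOOLS.md that was committed or shared with loose permissions is refused even when the skill itself could open it.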

VirusTotal

0/64 vendors flagged this skill as malicious; all 64 reported it clean.
