ClawHub

MantisBT Manager

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate Mantis administration helper, but it exposes high-impact admin actions and token-handling behavior that should be reviewed before installation.

Install only if you intend to let the agent administer a real Mantis instance. Use a least-privilege API token, avoid broad administrator tokens where possible, do not ask the agent to reveal tokens, and require explicit human confirmation before deletes, password resets, token creation, impersonation, configuration changes, or cross-instance actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README documents high-risk capabilities such as password resets, API token generation, configuration changes, impersonation, and broad CRUD operations, but it does not instruct the agent to require explicit confirmation or warn users before executing destructive or sensitive actions. In an agentic context, this increases the chance of unintended privileged changes, account takeover actions, or irreversible modifications being performed from ambiguous prompts.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill documents destructive actions such as deleting issues/projects/users without requiring confirmation or warning the operator about irreversible effects. In an agent setting, this increases the chance of accidental or socially engineered destructive actions being executed immediately against a live Mantis instance.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation encourages handling runtime tokens and even showing token information in context displays, but it lacks a strong privacy warning or prohibition on exposing secrets. In a conversational agent, this can normalize secret disclosure and lead to leakage of bearer tokens through chat output, logs, screenshots, or prompt injection-induced exfiltration.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill describes impersonation via the X-Impersonate-User header without warning about authorization boundaries, audit implications, or abuse risks. In this context, the capability can let an agent perform actions as another user if the token has sufficient privileges, amplifying the impact of prompt injection, operator error, or misuse.

Ssd 3

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to show the currently resolved token in responses, even if partially masked. Any instruction to surface active authentication material materially increases secret exposure risk, especially in chat transcripts, logs, telemetry, or when an attacker can induce context-reporting behavior. Because this skill supports dynamic instance and token switching, leaked tokens may grant direct administrative API access across multiple Mantis environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal