Weaver E10 Api

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Weaver E10 workflow API helper, but it can create, approve, and reject business workflows using stored credentials without built-in confirmation controls.

Install only if you need agent-assisted Weaver E10 workflow automation. Use least-privileged Weaver credentials, restrict allowed users and workflows in Weaver where possible, protect the env file and token cache, avoid logging auth output, and require explicit human confirmation before running create, approve, or reject commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94%
Finding
The skill declares only Bash as an allowed tool, but the documentation clearly describes capabilities involving environment-secret handling, local file read/write for .env and token cache files, and network access to OAuth2/API endpoints. This mismatch weakens the trust boundary and can mislead reviewers or policy engines about what the skill actually does, increasing the chance that sensitive credentials are exposed or external calls occur without adequate review.

Context-Inappropriate Capability

Low
Confidence
87%
Finding
The script reads secrets from a hard-coded local path (/ollama/workspace/.env/weaver-e10.env), which expands its credential access beyond normal environment-variable use and can unintentionally pull in sensitive values from the host workspace. In an agent/skill context, fixed-path secret loading increases the chance of unauthorized credential use or cross-skill secret exposure if that file is present.

Missing User Warnings

Medium
Confidence
90%
Finding
The CLI exposes approval and rejection actions that can change workflow state immediately without any confirmation prompt, dry-run mode, or secondary verification. In an automation setting, a mistaken invocation or prompt injection into an upstream agent could trigger irreversible business actions such as submitting approvals or returning requests.

VirusTotal

66/66 vendors flagged this skill as clean.
