ClawHub

万智牌卡牌查询服务

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill mostly behaves like a Magic card lookup wrapper, but it asks for and persists an external API key while carrying unrelated Gaokao/XBY configuration that makes the credential scope unclear.

Install only if you trust Xiaobenyang and are comfortable giving this skill an XBY API key that will be saved locally in .env. Prefer using a limited or disposable API key if available, avoid running it from a repository where .env might be committed, and review/remove the stale Gaokao-related configuration before relying on it in a sensitive environment.

SkillSpector (7)

By NVIDIA

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill advertises no declared permissions, yet its documented behavior clearly requires environment access, file read/write, and network use for API-key handling and external API calls. This permission/capability mismatch undermines least-privilege review and can cause users or hosting platforms to grant trust without understanding the actual access required.

Description-Behavior Mismatch

Medium
Confidence
78% confidence
Finding
The skill description says it is for MTG card lookup/search, but the documented tools also include an image-generation feature ('活字乱刷'). This scope mismatch can mislead users and reviewers about what the skill can do, increasing the chance that broader functionality is used without informed consent or proper safety review.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The configuration module contains logic for a different service domain (XBY/Gaokao) and handles an unrelated API key, which is a strong indicator of code reuse or hidden functionality inconsistent with the declared Magic: The Gathering query service. In this context, bundling credential persistence for an unrelated external service increases the risk of unauthorized secret collection, misuse of user-provided keys, and supply-chain trust violations.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
This code can persist an external API key to a local .env file and process environment even though that behavior is not aligned with the stated purpose of a card-information lookup service. Persisting secrets locally without clear necessity or user awareness creates a real risk of credential exposure, accidental check-in, and covert credential retention.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to solicit a user API key and persist it via `set_api_key()` without describing storage protections, scoping, masking, rotation, or consent boundaries. Storing user-provided credentials insecurely can lead to credential disclosure, reuse across sessions, or unintended access to the user's external account.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill directs the agent to directly display raw API data to the user without validation or filtering. Even for a card-search service, raw responses may contain unexpected fields, error traces, internal identifiers, links, or untrusted text that could leak sensitive information or enable downstream prompt/content injection in consuming interfaces.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The function writes API keys to .env and environment variables without any user-facing disclosure, confirmation, or security controls. Silent credential persistence increases the chance that users unknowingly leave secrets on disk where they may be exposed through backups, logs, repository commits, or other local processes.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal