API Key Guardian

Security checks across malware telemetry and agentic risk

Overview

This secret-scanning skill mostly matches its purpose, but its optional AI mode includes an embedded API-key-like credential and sends scan metadata to a local HTTP service without enough disclosure.

Review the source before installing. Basic local scanning is purpose-aligned, but avoid --ai unless you trust the local OpenClaw/model gateway and are comfortable sending finding metadata such as file paths and line numbers. The embedded API-key-like value should be removed and replaced with a user-provided credential before normal use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill manifest declares no permissions, yet the described and inferred behavior includes reading files, invoking shell commands, and making network requests. This creates a transparency and policy-enforcement gap: users and the platform cannot accurately assess or constrain what the skill may do before execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill claims to scan repositories for leaked secrets, but the analysis indicates it also sends data to a local HTTP service for AI analysis and contains a hardcoded exposed API key. A security tool that itself embeds or transmits sensitive data can worsen the very risk it is supposed to mitigate, especially if scanned content or discovered secrets are forwarded without strict controls.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code embeds a plaintext API key directly in the source for an outbound AI request. Hardcoded credentials are highly sensitive because anyone with code access can extract and abuse them, leading to unauthorized API use, billing impact, and possible compromise of connected services.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The tool is presented as a local secret scanner, but optional AI mode transmits scan-derived findings to an HTTP service. Because findings may contain sensitive filenames, line numbers, and possibly partially masked secrets, this creates an unexpected data exfiltration path that is especially dangerous in a tool meant to protect secrets.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The AI analysis sends scan findings over HTTP to a local endpoint without any user-facing disclosure at execution time about data transmission. Even if the endpoint is localhost, many local proxies, model gateways, or containers forward data elsewhere, so silent transmission of security scan output is a meaningful privacy and security concern.

Missing User Warnings

High
Confidence
99% confidence
Finding
A hardcoded API credential is used for an outbound request with no disclosure or safe credential handling. This compounds two risks: credential exposure in source control and covert use of external service access from a security-sensitive tool.

VirusTotal

58/58 vendors flagged this skill as clean.