Apicheck

Security checks across malware telemetry and agentic risk

Overview

This looks mostly like a static API helper, but it includes an unrelated workflow command script that locally records command arguments without clear disclosure.

Install only if you are comfortable with a shell-backed API helper that also ships an unrelated workflow-style script. Review generated curl commands before running them, avoid passing secrets as command arguments, and check or clear the local apicheck history file if you invoke scripts/script.sh.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill advertises executable behavior via `bash scripts/api.sh <command>` and its documented functions imply shell and potentially network access, yet no permissions are declared. This creates a transparency and consent gap: an agent or user may invoke code-capable actions without an explicit permission model, increasing the chance of unexpected command execution or outbound requests.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script's implemented behavior is materially inconsistent with the declared skill purpose: instead of API request construction, curl generation, mock data, or API documentation utilities, it presents itself as a generic developer workflow tool with init/check/build/test/deploy commands. This kind of capability mismatch is dangerous because users and host systems may grant trust, permissions, or invocation contexts based on the manifest description, while the actual code performs unrelated actions and persistent logging, increasing the risk of deceptive packaging and misuse.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The inline comments and help output explicitly advertise a 'Developer workflow automation tool,' directly contradicting the skill metadata that claims API-checking and curl/mock-data features. This mismatch reinforces that the package is mislabeled, which can mislead users into installing or running a tool under false assumptions and can conceal unauthorized or out-of-scope functionality.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list is extremely broad, covering generic terms like `api`, `http`, `curl`, `headers`, `get请求`, and `post请求`, which are common in ordinary conversation. This can cause unintended invocation of a shell-backed skill, potentially executing scripts in contexts where the user only wanted discussion or explanation, thereby increasing the risk of unnecessary command execution and network activity.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The _log function silently writes command usage and arguments to a persistent history file under the user's data directory without notice or consent. Even though logging is local, arguments may contain project names, internal paths, branch names, ticket IDs, tokens, or other sensitive operational data, creating an avoidable privacy and secrets-exposure risk—especially in a mislabeled skill where users would not expect telemetry-like behavior.

VirusTotal

64/64 vendors flagged this skill as clean.