iFind http API

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate iFinD API helper, but it gives the agent broad credential-backed API access and stores a long-lived token locally.

Install only if you are comfortable letting the agent access your iFinD account page, retrieve a refresh_token, store it locally, and use it for API requests. Prefer preset commands, review any raw endpoint name and payload before it runs, use a virtual environment for dependencies, and remove or rotate the stored token when you no longer need the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill instructs the agent to use shell, network access, and local file read/write, including credential storage, but does not declare permissions or require explicit capability scoping. This increases the chance of over-privileged execution and makes sensitive actions like browser login, token storage, and API calls less auditable and easier to invoke without clear user consent boundaries.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The `endpoint` subcommand accepts an arbitrary endpoint name and attacker-controlled JSON payload, then forwards both directly to the underlying QuantAPI caller. In a skill advertised for specific reusable wrapper operations, this creates a broader-than-documented capability surface that can invoke unintended remote actions, access unreviewed API methods, or bypass safer preset flows and validation.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script automatically loads a stored refresh token and performs remote API requests without any user-visible notice that local credentials will be used and data will be transmitted to an external service. In an agent skill context, this can cause silent credential-backed actions or data disclosure that the user did not explicitly authorize, especially when combined with the arbitrary endpoint mode.

Credential Access

High
Category
Privilege Escalation
Content
## Token storage policy

- Storage path: `~/.openclaw/skills/ifind/credentials.json`
- File permission target: owner read/write only (`600` on POSIX)
- The store script writes the file and tightens permissions automatically.
- The request script reads the refresh_token from that file unless `IFIND_REFRESH_TOKEN` is already present in the environment.
Confidence
91% confidence
Finding
credentials.json

VirusTotal

65/65 vendors flagged this skill as clean.