Infoxmed Qr Generator

Security checks across malware telemetry and agentic risk

Overview

This QR-code generator does its advertised job, but it asks for an API password and stores it persistently in unsafe local places.

Install only if you are authorized to generate Infoxmed VIP activation QR codes. Configure the API password through a secure secret store yourself, avoid letting the agent echo or persist it in shell profiles, and review all generated parameters before any API call.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The skill explicitly instructs the agent to solicit a password from the user and persist it into shell profile files or Windows user environment settings. This exceeds the stated QR-generation purpose and creates long-lived credential exposure risk, especially because shell profiles are broadly accessible to future processes and may be backed up, synced, or disclosed unintentionally.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The overview states behavior focused on API invocation and local file saving, but the body later expands into local environment modification and credential setup flows. This scope expansion is dangerous because a user invoking a QR generator would not reasonably expect the skill to alter persistent system configuration or handle secrets directly.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger description relies on broad keyword matching such as mentions of infoxmed or membership QR codes, which can cause the skill to activate in contexts where the user did not intend credentialed API actions. Because this skill can touch secrets and make external requests, accidental invocation increases the chance of unintended data transmission or prompting for sensitive information.

Vague Triggers

Medium
Confidence: 85%
Finding
The 'When to Use' section repeats ambiguous keyword-based activation guidance without strict boundaries, increasing the odds of unintended execution. In a skill that can request and store credentials, even benign over-triggering becomes materially risky because it may lead to unnecessary secret handling and external API calls.

Missing User Warnings

High
Confidence: 97%
Finding
The instructions tell the agent to collect a password and store it persistently, but they do not provide a meaningful warning about the security consequences of writing a secret into profile files or user environment settings. This is dangerous because users may unknowingly allow durable credential storage in locations readable by other tools, scripts, or support workflows.

Ssd 3

High
Confidence: 99%
Finding
The skill directly instructs the agent to ask for a password and then permanently store that secret in shell startup files or Windows user environment variables. This creates a persistent secret-handling anti-pattern and meaningfully increases exposure through process environments, dotfile leakage, backups, terminal history-adjacent workflows, and later compromise of the host account.

VirusTotal

VirusTotal findings are pending for this skill version.