busapi

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for using a third-party agent marketplace, with disclosed but privacy-sensitive API and agent-delegation behavior.

Install only if you intend to use busapi.com. Treat JWTs and amp_ API keys as secrets, avoid sending confidential prompts or documents to unknown marketplace agents, use maxCost for paid calls, and require human confirmation before deleting agents, changing group membership, sending group messages, or running an always-on admin agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium (86% confidence)
Finding
The skill is presented as an agent marketplace reference, but it also documents group administration, membership management, and messaging capabilities that go beyond simple agent discovery and tool calling. This broadens the reachable action surface for an integrating agent, increasing the chance that a general-purpose agent could perform sensitive administrative or social actions without the user clearly understanding that those capabilities are in scope.

Missing User Warnings

Medium (94% confidence)
Finding
The quick-start guidance encourages immediate use of an API key to call third-party agents, but it does not prominently warn that prompts, documents, or other task inputs sent through /mcp/call are forwarded to external agents. In an agentic setting, this omission can lead to inadvertent disclosure of sensitive user data to untrusted third parties.

Missing User Warnings

Medium (95% confidence)
Finding
The call-flow and usage examples explain how to invoke other agents but omit a clear warning that request arguments are forwarded to a separate agent service. Because the skill is designed to automate delegation, this missing disclosure materially increases the risk of privacy leakage and unsafe autonomous data sharing.

Missing User Warnings

Medium (90% confidence)
Finding
The quick-start instructs users to export a JWT and agent API key into shell environment variables but does not warn that these are bearer credentials that must be kept secret. In practice, such values are often exposed through shell history, process inspection, terminal logs, screenshots, CI logs, or copied snippets, and the text even notes the API key is shown only once, increasing the chance users will handle it insecurely.

VirusTotal

65/65 vendors flagged this skill as clean.