Api Billing

Security checks across malware telemetry and agentic risk

Overview

This billing skill appears aligned with its purpose, but it handles sensitive cloud and API credentials with weak storage guidance and credential-like examples that need review before installation.

Install only if you are comfortable letting this skill read billing credentials and contact the named provider APIs. Use least-privilege billing/read-only keys, replace the example values with your own securely managed secrets, keep credential files outside source control with strict permissions, and do not treat Base64 as encryption.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill documentation describes reading credential files from the local workspace and making outbound requests to multiple third-party billing APIs, but it declares no permissions. That creates a transparency and least-privilege problem: users and policy engines are not clearly informed that the skill accesses sensitive local secrets and sends authenticated network requests.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding: The reference file includes concrete-looking access key and secret examples for cloud billing platforms, which are highly sensitive credential types and not necessary to explain a balance-query skill. Even if intended as placeholders, realistic-looking secrets can be mistaken for live credentials, copied into deployments, or indicate accidental disclosure of real secrets in documentation.

Missing User Warnings

Medium
Confidence: 96%
Finding: The document shows credential formats for multiple providers without any warning about safe secret handling, storage, rotation, or redaction. In a billing-related skill, users are likely to supply real cloud account credentials, so missing safety guidance materially increases the chance of credential leakage through logs, repos, screenshots, or prompt history.

Credential Access

High
Category: Privilege Escalation
Content
import json
import os

# Credential file path
CREDENTIALS_FILE = os.path.join(os.path.dirname(__file__), "..", "..", "..", ".volc_ak_sk.env")

def load_credentials():
    """Read Volcano Engine credentials from a Base64-encoded file"""
Confidence: 93%
Finding
.env"

VirusTotal

64/64 vendors flagged this skill as clean.