Security audit

redmine-tools

Security checks across malware telemetry and agentic risk

Overview

This Redmine CLI skill is sensitive, but its Redmine access, issue updates, credentials, and optional image upload to a configured AI endpoint are documented and user-directed.

Install only if you trust this script with your Redmine API key. Use a least-privileged Redmine key, review update commands before running them, and use the image command only when sending those attachments plus issue ID, subject, filename, and description to the configured model provider is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium, 94% confidence
Finding
The skill description says it fetches, updates, and summarizes Redmine issue attachments, but the implementation also retrieves full issue objects with journals and can update issue status and notes. This is a scope expansion beyond attachment handling that can expose or modify broader issue data than users may reasonably expect, increasing the risk of unintended data access and state-changing actions.

Description-Behavior Mismatch

High, 99% confidence
Finding
The image summarization flow sends attachment contents as data URLs plus issue metadata such as issue ID, subject, filename, and description to an external OpenAI-compatible API. This creates a clear data exfiltration path that is not reflected in the stated Redmine attachment CLI purpose, and can leak sensitive ticket contents, screenshots, or internal context to a third party.

Context-Inappropriate Capability

High, 97% confidence
Finding
The code adds an external AI service integration that is not obvious from the declared Redmine tooling purpose, introducing a new trust boundary and outbound data flow. Even though HTTPS is enforced, the integration still enables sensitive attachment data to leave the Redmine environment and be processed by an external service, which can violate confidentiality and compliance expectations.

VirusTotal

65/65 vendors flagged this skill as clean.
