cloud189-storage

Security checks across malware telemetry and agentic risk

Overview

This is a Cloud189 file-access skill with no executable code, but it asks agents to collect and persist cloud access tokens with weak scoping and safeguards.

Install only if you specifically want an agent to access your Cloud189 account. Do not use it for generic cloud-storage requests unless Cloud189 is the intended provider. Treat authorization codes, access tokens, thumbnail URLs, and download links as private secrets, and avoid persistent token storage unless you explicitly approve a trusted secure location.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The skill explicitly supports obtaining authentication tokens and file download links, both of which are sensitive operations, but it does not warn about credential handling, token secrecy, link sharing, or privacy implications. In a cloud-storage context, this increases the chance that an agent exposes secrets in chat history, logs, or to unintended recipients, leading to unauthorized file access.

Vague Triggers

Severity: High
Confidence: 95%
Finding
The trigger logic is overly broad because it says to invoke this Cloud189 authentication flow even when the user only mentions generic cloud-drive file operations or API access. That can cause the agent to steer users into disclosing Cloud189 credentials or tokens for the wrong service, creating unnecessary credential collection and confusion around account scope.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill instructs the agent to save the access token in memory or configuration for later use without clear limits on retention, storage location, or exposure risks. Persisting OAuth tokens in configuration or long-lived memory can lead to credential leakage, reuse by unintended workflows, or compromise if logs, files, or shared environments are accessed.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill explicitly requires the user's accessToken and instructs sending it to a remote API, but it provides no privacy or handling safeguards such as redaction, minimal retention, secure storage guidance, or warnings not to expose the token in logs. Because access tokens are bearer credentials, accidental disclosure or mishandling could let another party access the user's cloud files within the token's validity period.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill requires collecting and transmitting a user's accessToken, which is a sensitive bearer credential, but provides no guidance on minimizing exposure, masking, secure storage, or avoiding logs. In an agent setting, this increases the chance the token is echoed, persisted, or mishandled, enabling unauthorized access to the user's cloud files if leaked.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill explicitly instructs users to obtain and transmit an accessToken but does not include safeguards for handling this credential as sensitive data. Because the token grants access to a user's cloud storage, exposing it in browser tools, logs, chat transcripts, or copied curl examples could enable unauthorized access to files.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill explicitly instructs the user to obtain and provide an accessToken, but it does not include clear guidance to treat that token as a secret, avoid exposing it in logs/screenshots, or limit where it is pasted. Because the token is then sent in API requests and the workflow encourages use of browser developer tools, accidental disclosure could let another party access the user's cloud storage data within the token's validity period.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The skill explicitly tells the agent to collect a user-provided authorization code and then persist the resulting access token for later API use. This is sensitive credential handling: if the code or token is exposed in chat history, logs, memory, or configuration, an attacker or unrelated workflow could gain unauthorized access to the user's cloud storage.

VirusTotal

66/66 vendors flagged this skill as clean.
