k1-kzcloud-skill

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent CXO lookup purpose, but its login flow exposes account credentials and reusable tokens more broadly than users are warned about.

Review before installing. Use only if you trust the KZCloud endpoint and are comfortable entering credentials through this agent workflow. Avoid high-value accounts, do not share the printed token, and remove or rotate K1_KZClOUD_TOKEN after use. A safer version should prompt for passwords securely, keep TLS verification enabled, avoid printing tokens, and require explicit opt-in before persistent storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The script tells the user it is saving a token to an environment variable, but it also persists that token into the user's Windows user-level environment through PowerShell, making the credential survive beyond the current process. This increases exposure because other local processes, future shells, or user sessions may access the token without the user fully understanding that it was written persistently.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
A login helper normally authenticates and returns a session artifact, but this script additionally persists the access token to a user-wide environment variable via a subprocess. That expands the capability and attack surface because a bearer token is stored in a broad, relatively exposed location that may be readable by other local tools or accidentally leaked into logs, scripts, or child processes.

Missing User Warnings

Medium
Confidence: 91%
Finding
Accepting the password via a command-line argument exposes it to local process inspection, shell history, job control logs, and audit tooling on many systems. Even if intended for convenience, this can leak plaintext credentials to other local users or administrative monitoring systems.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script persists an authentication token to a user environment variable without warning or confirmation, despite bearer tokens granting access equivalent to the authenticated session. Silent persistence increases the chance of credential reuse, theft by local processes, or accidental disclosure in subsequent tooling and scripts.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to persist an authentication token in the environment variable K1_KZClOUD_TOKEN, but does not provide clear user warning, scoping, lifetime, or storage-safety guidance. Environment variables are often inherited by subprocesses, exposed in logs/debug output, or retained longer than intended, which can lead to credential theft and unauthorized API access.

VirusTotal

66/66 vendors flagged this skill as clean.
