yyl-test-skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Figma analysis and export skill, with normal token and file-output risks that users should manage carefully.

Install only if you are comfortable granting the skill access to the Figma files reachable by your token. Prefer a limited or temporary Figma token, avoid passing tokens on command lines, keep .env out of version control, export into a dedicated folder, and review generated assets/reports before sharing because they can contain private design content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and instructs use of environment variables, file writes, and network access, but does not declare any permissions or clearly bound those capabilities. This creates a trust and review gap: an agent or user may treat the skill as lower risk than it is, while it can still handle secrets, write local files, and call external APIs.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is described as read-only analysis, but this function writes downloaded content to a caller-controlled local path. That mismatch matters because it expands the skill's effective capabilities from analysis into filesystem modification, creating overwrite and data-placement risk if invoked with sensitive paths.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The CLI supports saving API results to an arbitrary local file via --output, which contradicts the skill's read-only positioning. In an agent setting, this can be abused to write sensitive Figma-derived data or overwrite local files without the user understanding that the skill performs filesystem writes.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The authentication instructions encourage storing a Figma access token in an environment variable or appending it to a .env file, but provide no warning about secret handling, scope minimization, redaction, or avoiding accidental commits/logging. In a skill that performs networked API access and file operations, weak credential guidance increases the chance of token leakage and unauthorized access to Figma resources.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code writes Figma data to an arbitrary output path with no validation, no overwrite protection, and no warning. This is dangerous because a user- or agent-supplied path could clobber existing files or place potentially sensitive design data in unintended locations.

VirusTotal

64/64 vendors flagged this skill as clean.
