local-api-chart-generator

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear charting purpose, but it hides important security-sensitive behavior, including a bundled API token and unlabeled fallback data.

Review before installing. The publisher should remove and rotate the embedded token, require a user-provided scoped credential, make API failures visible, label or opt into any demo mode, use package-relative execution, pin or bundle browser dependencies, and escape user-controlled values before returning HTML.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
This mismatch is security-relevant because the skill claims benign parameter extraction and chart generation, while hidden behaviors reportedly include a hardcoded Bearer token and fallback demo-data generation. Undisclosed authentication material and hidden execution paths reduce transparency, can expose secrets, and may cause users to trust output that does not actually come from the requested source.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The generated HTML loads ECharts from a third-party CDN, which creates an unnecessary external network dependency for a skill advertised as using local APIs. This can leak usage metadata, fail in restricted environments, and expose consumers to supply-chain risk if the CDN resource is unavailable or tampered with.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill explicitly instructs execution of a local Python script with user-derived parameters, but provides no warning, consent boundary, or safety constraints around command execution. Even if the command template is fixed, this increases risk because it normalizes local code execution and could lead to unsafe subprocess use or argument-handling flaws in the downstream script.

Missing User Warnings

Medium
Confidence: 99%
Finding
The code embeds a bearer token directly in outbound requests to the local API, which is a hardcoded secret and is used without any disclosure to the user. If the skill source, logs, or outputs are exposed, the credential can be reused to access the protected service, and the hidden authenticated behavior increases the risk of unauthorized local data access.

Missing User Warnings

High
Confidence: 99%
Finding
The code embeds a bearer token directly in outbound requests to the local API, which is a hardcoded secret and is used without any disclosure to the user. If the skill source, logs, or outputs are exposed, the credential can be reused to access the protected service, and the hidden authenticated behavior increases the risk of unauthorized local data access.

VirusTotal

67/67 vendors flagged this skill as clean.
