Security audit

DeBox Community

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims for DeBox community checks, but it ships an API-key-like config file and under-explains privacy and credential risks.

Review before installing. Delete or replace the bundled config.json, use your own DeBox API key via an environment variable or secret manager, and rotate any key that may have been published. Only run lookups or batch verification for users/wallets you are authorized to check. Use --image only if local image files and remote avatar fetching are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Context-Inappropriate Capability

Medium, 92% confidence
Finding
The package manifest includes image-processing libraries (`canvas` and `sharp`) that are not aligned with the stated purpose of DeBox community membership verification and analytics. These are complex native modules with install scripts and broad transitive dependency trees, which unnecessarily expand the attack surface and create supply-chain and native code execution risk during installation or runtime.

Context-Inappropriate Capability

Medium, 90% confidence
Finding
The skill fetches a remote avatar URL and writes both a temporary file and a generated output image to disk, which expands the attack surface beyond simple community verification. Because the avatar URL comes from external profile data, this creates an SSRF-style outbound request primitive and local file-write behavior that are not constrained or clearly justified by the core skill purpose.

Missing User Warnings

Medium, 82% confidence
Finding
This section documents collection of personal profile data and community activity data, including nickname, wallet address, levels, and praise metrics, without any privacy notice, consent guidance, or data handling limitations. Because these data points can be used to profile individuals across communities and wallets, the omission increases the chance of misuse, over-collection, or non-compliant processing.

Missing User Warnings

Medium, 85% confidence
Finding
The batch verification workflow processes multiple wallet addresses from a file but provides no warning about the privacy and operational risks of bulk user-data processing. Bulk handling materially increases impact in the event of misuse, accidental disclosure, unauthorized screening, or insecure file storage because many users can be profiled at once.

Missing User Warnings

Medium, 96% confidence
Finding
The tutorial explicitly recommends storing the DeBox API key in a plaintext `config.json` file, which increases the chance of accidental disclosure through source control, backups, shared directories, or local compromise. Because this skill manages community/DAO verification workflows, exposed API credentials could let an attacker query DeBox data or abuse the associated application quota and permissions.

Missing User Warnings

Medium, 91% confidence
Finding
The API reference documents multiple endpoints that expose user-linked wallet, membership, profile, voting, lottery, and praise data, but it provides no privacy, consent, or appropriate-use warning. In an agent skill context, this omission makes it more likely that an assistant will query and correlate behavioral data without sufficient user awareness, enabling privacy-invasive use and overcollection.

Missing User Warnings

Medium, 93% confidence
Finding
The code retrieves an attacker-influenced remote avatar URL and writes the response to a local temporary file without explicit notice or strong safeguards. This can be abused for unintended outbound connections, resource exhaustion, and unsafe local file handling, especially because the temp filename is fixed and the download path is not validated.

Ssd 3

Medium, 95% confidence
Finding
The example request contains a realistic credential-like `X-API-KEY` value, which may be copied, reused, indexed, or echoed by an AI agent in responses or logs. Even if the token is only illustrative, presenting it in live-looking form normalizes unsafe secret handling and creates avoidable disclosure risk.

Ssd 3

Medium, 95% confidence
Finding
The same credential-like API key fragment is repeated in another example, increasing the chance that downstream tools or agents memorize and surface it. Repetition amplifies the exposure and trains users to treat secret material as sample text that can be shared freely.

Ssd 3

Medium, 95% confidence
Finding
This additional example again embeds a realistic API key fragment, compounding the risk of accidental disclosure through copy-paste, prompt context retention, or model output. In an agent-oriented skill, embedded credential-like values are especially risky because assistants may quote examples verbatim when helping users construct requests.

Ssd 3

Medium, 95% confidence
Finding
Another sample command includes the same realistic API key fragment, creating continued risk that the value will be propagated into logs, tutorials, prompts, or generated client code. The cumulative effect of multiple occurrences makes inadvertent disclosure more likely and broadens the exposure surface.

Ssd 3

Medium, 95% confidence
Finding
The lucky-draw example repeats the credential-like key yet again, reinforcing unsafe handling patterns and increasing the probability that an agent will reproduce it verbatim. If valid, this could permit unauthorized API access; if invalid, it still creates a secret-disclosure anti-pattern in a sensitive integration context.

Ssd 3

Medium, 95% confidence
Finding
The moment praise example contains the same credential-like key fragment, extending the exposure into yet another section of the reference. Because AI assistants often reuse nearby example text when answering users, this raises the risk of credential disclosure and improper secret propagation.

VirusTotal

61/61 vendors flagged this skill as clean.