Security audit

Clawhub Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears useful for academic figure generation, but it needs review because its DashScope setup asks for OpenAI-named credentials and suggests plaintext key storage.

Install only if you trust the referenced npm package and understand where the API key is actually sent. Use a dedicated low-privilege DashScope key, avoid reusing an OpenAI key just because the variable is named OPENAI_API_KEY, and prefer an environment variable over a persistent plaintext config file unless you lock the file down carefully.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding:
The skill claims to use Alibaba Cloud DashScope but instructs users to set OPENAI_API_KEY/openai_api_key, which is a provider mismatch and a real security risk. This can cause users to place sensitive credentials into the wrong tool or config location, leading to credential exposure, accidental cross-service use, failed requests, or unsafe debugging/sharing of secrets while trying to troubleshoot.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The manifest advertises Alibaba Cloud DashScope as the backing service, but requests an OPENAI_API_KEY instead. This mismatch can mislead operators into supplying a more privileged or unrelated secret than necessary, creating a risk of credential exposure, mis-billing, or unintended data flow to a different provider than the one described.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The documentation tells users to write an API key into a global config file but gives no warning about secret handling, file permissions, or the risks of persisting credentials on disk. In a CLI used for research workflows, users may copy these snippets verbatim, leaving long-lived credentials in plaintext files that can be exposed through backups, shared home directories, screenshots, dotfile syncing, or accidental publication.

VirusTotal

63/63 vendors flagged this skill as clean.
