Rrbdagent

Security checks across malware telemetry and agentic risk

Overview

This RRBD API automation skill is mostly aligned with its stated purpose, but it embeds login credentials in source, persists them to disk in plaintext, and can act on a real account without clear safeguards.

Review before installing. Remove hardcoded credentials, rotate any exposed account password, disable plaintext password persistence, and require explicit confirmation before any delete, withdrawal, or video-creation action. Use only in an environment where sending RRBD account data and video scripts to the configured backend is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (47)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding
The skill documents network access and local file reads/writes but does not declare those permissions, which weakens the security boundary and informed-consent model for skill execution. The omission matters here because the skill also handles authentication data and automates actions against a real backend, so undeclared capabilities can hide sensitive behavior from reviewers and users.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The documented behavior goes materially beyond a generic API-assistant description by collecting credentials, persisting them locally, maintaining local memory, accessing account data, and describing scripts with hardcoded credentials. This mismatch increases the chance that users or a host platform will invoke the skill without understanding its sensitive data handling and account-impacting operations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The code writes the supplied username and password into config.json in plaintext for future logins. Persisting reusable credentials locally creates a clear secret-exposure risk if the file is read by another local user, included in backups, committed to source control, or exfiltrated by malware; in an admin-oriented skill this can directly enable unauthorized API access.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding
The script contains hard-coded credentials and performs an account login directly in code, which creates an embedded privileged access path unrelated to a general natural-language task runner. Anyone with access to the skill source or logs can reuse those credentials, and the capability enables unauthorized API access if the account is valid.

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding
The script contains hard-coded credentials (`'18098901246'`, `'123456'`) and uses them to authenticate automatically. Embedding secrets in source code is dangerous because anyone with repository, package, log, or artifact access can recover and reuse them, potentially gaining unauthorized access to the associated account and any connected admin/API capabilities.

Context-Inappropriate Capability

Severity: Low
Confidence: 80%
Finding
The skill persists conversational memory and usage history to a local file without a clear need for it, with no retention limit other than keeping only recent videos, and without user consent. Local plaintext persistence can expose user activity and potentially sensitive metadata to other local users, to backups, or to a later compromise of the host environment.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The script contains hardcoded credentials and automatically uses them to authenticate to an account. This exposes secrets to anyone with file access, enables unauthorized API use if the code is reused or leaked, and is especially risky in an agent skill because it can perform backend actions without explicit per-user authentication.

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding
The script hardcodes a username and password directly in source code, which creates an immediate secret exposure risk if the repository, logs, screenshots, or packaged artifacts are accessed by unauthorized parties. In an admin-oriented automation skill, embedded credentials are especially dangerous because they can enable direct account compromise and unauthorized API operations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding
The script hardcodes a username and password directly in source and then uses them to authenticate, exposing credentials to anyone with repository or artifact access. In an agent skill that performs administrative API actions, embedded credentials materially increase the risk of unauthorized account access and misuse beyond a mere demo convenience.

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding
The script hardcodes a username and password directly in source code and immediately uses them to authenticate. Embedded credentials are easily leaked through source control, logs, screenshots, package distribution, or developer workstation compromise, and in an agent skill that performs administrative API actions this can enable unauthorized access to backend systems.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The script reads default credentials from configuration and performs an authenticated login automatically, which creates a built-in path to access protected remote data without explicit user-supplied credentials or consent. In an agent skill context, this is risky because the capability is embedded in code and could be invoked to retrieve administrative or sensitive data beyond what a user would reasonably expect from a simple utility script.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The script reads default credentials from a local config file and uses them to automatically authenticate and access protected API data. Hardcoded or bundled default credentials in an agent skill expand the blast radius of compromise, enable unintended access if the skill is invoked without explicit user authorization, and create credential exposure risk if the config is leaked or reused across environments.
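The overview says to review the skill before installing and to remove hardcoded credentials, and the findings above point at two concrete patterns: secret-like names assigned string literals in source (the page quotes `'18098901246'` and `'123456'`), and a `config.json` that carries the password in plaintext. The following scanner is an added example written for this page, not part of the skill or of SkillSpector; it runs a check for both patterns over in-memory file contents so it needs no filesystem or network. The sample source and config are constructed here to mirror the pattern the findings describe, and the field-name lists are an assumption about what a reviewer would look for. Recovered values are masked so the scanner itself does not leak a secret into a log.

```python
from __future__ import annotations

import json
import re

# A secret-like name assigned a non-empty string literal, e.g. password = '123456'.
# The name list is an assumption; extend it for the skill under review.
SECRET_ASSIGN = re.compile(
    r"""\b(password|passwd|pwd|secret|token|api_key)\s*[:=]\s*['"]([^'"]+)['"]""",
    re.IGNORECASE,
)
# A login-name field assigned a literal; this skill uses a phone number as the username.
USER_ASSIGN = re.compile(
    r"""\b(username|phone|account|mobile)\s*[:=]\s*['"]([^'"]+)['"]""",
    re.IGNORECASE,
)
SECRET_KEYS = {"password", "passwd", "pwd", "secret", "token", "api_key"}


def mask(value: str) -> str:
    """Keep two leading characters so the reviewer can locate the value without re-exposing it."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan_source(text: str, name: str = "<source>") -> list[dict]:
    """Flag hardcoded secrets and login names in a source file, one record per match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SECRET_ASSIGN.finditer(line):
            findings.append({"file": name, "line": lineno, "kind": "hardcoded_secret",
                             "field": m.group(1), "value": mask(m.group(2))})
        for m in USER_ASSIGN.finditer(line):
            findings.append({"file": name, "line": lineno, "kind": "hardcoded_login_name",
                             "field": m.group(1), "value": mask(m.group(2))})
    return findings


def scan_config(text: str, name: str = "config.json") -> list[dict]:
    """Flag non-empty secret keys persisted in a JSON config, at any nesting depth."""
    findings: list[dict] = []
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        return findings  # not JSON; nothing to parse (the source scanner covers plain text)

    def walk(node, path: list[str]) -> None:
        if isinstance(node, dict):
            for key, val in node.items():
                if key.lower() in SECRET_KEYS and isinstance(val, str) and val:
                    findings.append({"file": name, "line": None, "kind": "persisted_secret",
                                     "field": "/".join(path + [key]), "value": mask(val)})
                walk(val, path + [key])
        elif isinstance(node, list):
            for i, val in enumerate(node):
                walk(val, path + [str(i)])

    walk(data, [])
    return findings


def review_skill(files: dict[str, str]) -> list[dict]:
    """Dispatch each file by extension; JSON goes to the config scanner, everything else to source."""
    results = []
    for name, text in files.items():
        results += scan_config(text, name) if name.endswith(".json") else scan_source(text, name)
    return results


# Constructed sample files that mirror the pattern the findings describe; not the skill's real code.
SAMPLE_SOURCE = """\
import requests
username = '18098901246'
password = '123456'
client.login(username, password)
"""
SAMPLE_CONFIG = '{"username": "18098901246", "password": "123456", "recent_videos": []}'
SAMPLE_SKILL = {"rrbd_agent.py": SAMPLE_SOURCE, "config.json": SAMPLE_CONFIG}

if __name__ == "__main__":
    for f in review_skill(SAMPLE_SKILL):
        print(f"{f['file']}:{f['line']} {f['kind']} {f['field']}={f['value']}")
```

Any non-empty result is a reason to stop the install until the values are removed from source, the password is rotated, and the persisted config is deleted; a clean scan is not proof of absence, since credentials can also arrive through environment variables or be built from concatenated strings, which these two patterns do not catch.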

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
The trigger conditions are broad enough to capture generic support, system-status, and troubleshooting requests that may be unrelated to this skill's intended scope. Overbroad activation raises the risk of accidental invocation, unintended API calls, and unnecessary collection of user credentials or account data.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill states that phone number and password will be automatically saved to a configuration file without a strong warning, consent flow, or secure storage guarantees. Storing credentials locally in this way materially increases the risk of credential theft, reuse across systems, and long-term exposure if the host environment is compromised or shared.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill advertises deletion and financial actions such as deleting videos and applying for withdrawals, but does not document confirmations, anti-misclick protections, or other safeguards for irreversible or sensitive operations. In a natural-language workflow, ambiguous phrasing or prompt confusion can easily trigger harmful account changes.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The password is stored to disk without a meaningful warning that credentials will be retained locally, and the console message implies success rather than risk. This weak secret-handling practice increases the chance of silent credential compromise, especially because this skill appears to operate against an RRBD admin environment where captured credentials may grant privileged access.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The code authenticates to a remote service using hardcoded phone-number/password credentials with only generic console messages, giving no meaningful disclosure, consent, or control to the user. This is dangerous because it silently exercises real account access and exposes reusable secrets in the codebase, which could be abused for unauthorized access or account compromise.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
This is a true security issue, not merely a UX problem, because the code directly logs in with embedded static credentials and gives no indication that privileged access is being exercised. In the context of an agent skill intended to perform API calls and automation for an admin project, hard-coded login details materially increase the risk of credential theft, silent misuse, and unintended privileged operations.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The script pulls default credentials from configuration and uses them automatically for network authentication, then prints the username to the console. In an agent skill context, this enables unattended privileged actions and increases the risk of credential misuse, accidental disclosure in logs, and unauthorized API access if the skill is invoked by an untrusted user or in a shared environment.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The script reads default credentials from local configuration and immediately performs an authenticated login to a remote service without any interactive consent, warning, or runtime confirmation. In an agent-skill context, this enables silent use of a privileged account and can cause unauthorized remote actions under stored credentials, especially if triggered by a user who is unaware the skill will act on an external account.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The code sends the video title and script text to a remote API for video generation without clearly warning that this content leaves the local environment. In a conversational agent setting, users may provide sensitive or proprietary text, and silent external transmission can lead to privacy, confidentiality, or compliance issues.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The script reads default credentials from configuration and automatically uses them to authenticate, then proceeds to perform privileged API actions. In an agent skill context, this creates a real risk of unintended account use, credential exposure through logs or config leakage, and unauthorized actions being executed without explicit operator consent.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill stores recent video metadata and memory contents to a local JSON file without notifying the user. Even if credentials are not explicitly written here, titles, timestamps, and generated video URLs may reveal sensitive business activity or private content, and silent storage increases privacy risk in shared or monitored environments.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The code logs into an account using embedded credentials without any user-facing disclosure, which hides the use of privileged access from the operator. In a conversational automation skill, this creates a covert-authentication pattern where users may trigger actions under a shared or developer-controlled account without understanding the security or privacy implications.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The script authenticates to a remote endpoint using username and password loaded from local configuration, which means plaintext credentials are being handled and transmitted by the skill without any user disclosure, consent flow, or safety checks. In an agent skill context, this is risky because the code can silently perform authenticated actions against an admin-related API, and any compromise of config handling, logs, or endpoint trust could expose privileged access.
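The Missing User Warnings findings describe three gaps: credentials are read from config and used silently, irreversible actions (delete video, apply for withdrawal) run without confirmation, and video titles and scripts leave the machine with no disclosure. The wrapper below is an added example written for this page, not code from the skill or its backend; it shows one way a client could close all three at once. It assumes a hypothetical backend URL and an injected `transport` callable standing in for the real HTTP client, reads credentials only from environment variables (never from `config.json`), keeps just the session token in memory, refuses the sensitive actions unless the caller passes `confirmed=True`, and records every disclosure in an audit list that a host agent would show to the user. The action names and field names are assumptions modelled on the actions the findings mention.

```python
from __future__ import annotations

import os
from dataclasses import dataclass, field
from typing import Callable, Mapping, Optional


class ConfirmationRequired(Exception):
    """A sensitive action was attempted without explicit per-call user confirmation."""


class MissingCredentials(Exception):
    """No credentials in the environment; the client never falls back to a config file."""


# Assumed action names. Anything that changes or spends something on the account must be confirmed.
SENSITIVE_ACTIONS = {"delete_video", "apply_withdrawal", "create_video"}
# Payload fields that carry user-supplied text off the machine; disclosed before sending.
EXTERNAL_TEXT_FIELDS = {"create_video": ("title", "script")}


@dataclass
class GuardedClient:
    backend: str                                   # hypothetical backend base URL
    transport: Callable[[str, dict], dict]         # (action, payload) -> response; injected, no network here
    audit: list[str] = field(default_factory=list)  # disclosures the host should surface to the user
    _session: Optional[str] = None                  # only the session token is retained, never the password

    def login(self, env: Optional[Mapping[str, str]] = None) -> None:
        env = os.environ if env is None else env
        user, pwd = env.get("RRBD_USERNAME"), env.get("RRBD_PASSWORD")
        if not user or not pwd:
            raise MissingCredentials("set RRBD_USERNAME and RRBD_PASSWORD; config.json is not consulted")
        # Disclose that a real account is being exercised, without echoing the secret.
        self.audit.append(f"login as {user[:3]}*** against {self.backend}; password held in memory only")
        self._session = self.transport("login", {"username": user, "password": pwd})["session"]

    def call(self, action: str, payload: dict, confirmed: bool = False) -> dict:
        if self._session is None:
            raise RuntimeError("call login() first")
        if action in SENSITIVE_ACTIONS and not confirmed:
            raise ConfirmationRequired(f"{action} changes the account; ask the user, then pass confirmed=True")
        for name in EXTERNAL_TEXT_FIELDS.get(action, ()):
            if name in payload:
                self.audit.append(f"{action}: sending user-supplied {name!r} ({len(payload[name])} chars) to {self.backend}")
        self.audit.append(f"{action} confirmed={confirmed}")
        return self.transport(action, {"session": self._session, **payload})


def fake_transport(action: str, payload: dict) -> dict:
    """Constructed in-memory stand-in for the backend so the example runs offline."""
    if action == "login":
        return {"session": "sess-constructed"}
    return {"ok": True, "action": action, "session": payload["session"]}


def demo() -> dict:
    """Exercise each guard with constructed credentials and return the observable outcomes."""
    out: dict = {}
    client = GuardedClient(backend="https://rrbd.example", transport=fake_transport)  # URL is hypothetical
    try:
        client.login(env={})                       # no env vars: refuse rather than read config.json
    except MissingCredentials:
        out["login_without_env"] = "MissingCredentials"
    client.login(env={"RRBD_USERNAME": "CONSTRUCTED_USER", "RRBD_PASSWORD": "CONSTRUCTED_PASS"})
    try:
        client.call("delete_video", {"id": "v1"})  # sensitive and unconfirmed: refused
    except ConfirmationRequired:
        out["delete_unconfirmed"] = "ConfirmationRequired"
    out["delete_confirmed"] = client.call("delete_video", {"id": "v1"}, confirmed=True)["ok"]
    out["create"] = client.call("create_video", {"title": "Q3 plan", "script": "internal draft"},
                                confirmed=True)["ok"]
    out["list"] = client.call("list_videos", {})["ok"]  # read-only: no confirmation needed
    out["audit"] = list(client.audit)
    return out


if __name__ == "__main__":
    for line in demo()["audit"]:
        print(line)
```

The confirmation flag is deliberately per call rather than a client-wide setting, so an agent cannot confirm once and then delete or withdraw repeatedly; the host platform still has to actually ask the user before setting it, which this wrapper cannot enforce on its own.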

VirusTotal

VirusTotal findings are pending for this skill version.