Vibbit SKILL

Security checks across malware telemetry and agentic risk

Overview

This Vibbit skill is a coherent API wrapper, but it uses broad activation rules and can send or fetch user-provided media URLs without tight controls.

Install only if you want matching media-generation and video-analysis requests to use Vibbit by default. Use a scoped Vibbit API key if available, keep VIBBIT_BASE_URL pointed at a trusted endpoint, and avoid providing confidential prompts, private media, signed URLs, localhost links, or intranet URLs unless you are comfortable sharing or exposing them to Vibbit services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill declares access to environment variables and clearly instructs the agent to invoke a CLI that performs outbound network requests, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: reviewers and users may not realize the skill can access secrets like VIBBIT_API_KEY and send data off-box to external services.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding: The skill will fetch arbitrary user-supplied URLs and, if the auxiliary API fails, directly download remote content to inspect it. That creates a server-side request capability and data egress path beyond the declared Vibbit task wrapper, which can be abused to contact internal services, access sensitive network locations, or exfiltrate private URLs to third parties.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding: The code sends user-provided material URLs to an undeclared external endpoint (tools.vibbit.ai) and also supports direct downloads of those URLs. This expands the skill's data-sharing and network access beyond the stated five OpenAPI capabilities, creating undisclosed third-party exposure and SSRF-like behavior inconsistent with least privilege.

Vague Triggers

Medium
Confidence: 93%
Finding: The trigger guidance uses broad phrases such as generic requests to generate an image or list avatars and says to prioritize this skill proactively even when the user does not mention Vibbit. That can cause the agent to route unrelated requests into this skill, leading to unintended external API calls, disclosure of user content to third parties, and use of the user's API key without sufficiently explicit consent.

Vague Triggers

Medium
Confidence: 97%
Finding: The first-interaction rule tells the agent to proactively activate on simple greetings like 'hi' or 'hello' and inject a feature pitch. This is classic overbroad activation behavior that can hijack normal conversation flow and steer users into a networked skill before they have expressed a relevant intent, increasing the chance of accidental data sharing or confusing behavior.

Missing User Warnings

Medium
Confidence: 87%
Finding: At these call paths, material URLs are automatically probed and may be transmitted to external services without any visible warning or consent prompt. In this skill context, users may reasonably expect Vibbit task submission, not that arbitrary media URLs they provide will be fetched by the runtime or shared with a separate endpoint.

VirusTotal

65/65 vendors flagged this skill as clean.
