Ptengine Heatmap Analyze

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: install/configure Ptengine’s CLI and use it to analyze Ptengine heatmap analytics, with some disclosure and guardrail gaps to review.

Install only if you intend to use Ptengine heatmap data and are comfortable installing ptengine-cli and configuring a Ptengine API key locally. Prefer the included install.sh wrapper over the curl-to-shell example, verify the API key’s permissions, and avoid sharing logs or prompts that contain credentials or sensitive analytics data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill instructs use of shell capabilities without any declared permissions boundary, which weakens reviewability and can enable unexpected command execution paths. In this context the risk is amplified because the workflow includes installation and configuration of an external CLI, so operators may run shell steps that were not explicitly permission-scoped.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill presents itself as a data-analysis tool but its described behavior includes installing a remote CLI and exposing configuration-related actions, which is a trust-boundary mismatch. Users may invoke it expecting passive analysis while it performs system-changing actions and handles sensitive credentials, increasing the chance of unintended code execution or secret exposure.

Vague Triggers

Medium
Confidence
78% confidence
Finding
Overly broad trigger phrases can cause the skill to activate for generic analytics requests, pulling users into a workflow that may run shell commands, request API keys, or install software when they did not intend to use this tool. The danger is higher here because accidental invocation is not merely a UX issue; it can lead to privileged local actions and credential collection.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill constrains output to a fixed language set and defaults to English without requiring an explicit user preference. This can override the user's chosen language or platform locale expectations, causing policy/compliance issues and degraded usability, but it does not create direct code-execution or data-exfiltration risk.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The instruction to write the entire report in the target language operationalizes the earlier language restriction and may force a locale even when the user did not request it. In this skill context, the issue is policy and UX misalignment rather than a traditional security exploit, but it can still lead to non-compliant or inaccessible outputs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs users to configure an API key and query remote analytics data but provides no security guidance on secret handling, least-privilege use, or the sensitivity of site analytics being transmitted to an external service. In an agent skill context, this omission increases the chance that operators expose credentials in shell history, logs, screenshots, or shared environments and mishandle potentially sensitive behavioral analytics.

Unbounded Output

Medium
Category
Output Handling
Content
**For redirect** (campaign_type === "redirect"):
- Different URL per version — entire page differs; `abTest` records are absent by design
- ALL blocks from BOTH versions are comparison points (no filtering, no truncation)
- Derive `strategy` by comparing `contentSummary` across versions at equivalent positions
- MUST hedge with uncertainty language for every content assertion:
  - CN: 「据截图显示,该区块似乎…」
Confidence
84% confidence
Finding
no truncation

VirusTotal

66/66 vendors flagged this skill as clean.
