ClawHub

nokey-vehicle-info

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for vehicle location/status lookup, but it handles vehicle access tokens and location data in an under-protected way that users should review carefully.

Install only if you trust the publisher and the listed vehicle API endpoints. Do not paste real tokens into shared chats, screenshots, or logs; avoid commands that print the cache; restrict or remove ~/.nokey_vehicle_info_cache.json when not needed; and rotate any token that may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README says the skill will auto-trigger whenever a user asks about vehicle location or status, but it does not define clear consent, scope, or identity checks before accessing sensitive telematics data. In a skill that handles precise location and vehicle state, broad triggering increases the risk of accidental disclosure or unauthorized querying.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation normalizes local caching of access tokens and vehicle tokens and remote transmission of those secrets to retrieve sensitive vehicle data, but it does not adequately explain the privacy implications. Because these tokens enable access to location and vehicle-condition data, weak privacy guidance increases the likelihood of credential mishandling and unauthorized tracking.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The shell example explicitly echoes both accessToken and vehicleToken to the terminal, which normalizes exposing bearer credentials in logs, scrollback, screenshots, and shared terminals. Because these tokens authorize access to live vehicle data, any accidental disclosure could let another party query sensitive vehicle information until the tokens expire or are revoked.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill instructs persistent storage of accessToken and vehicleToken in a predictable plaintext file under the user's home directory without requiring restrictive file permissions or secure storage. This creates a local secret-at-rest exposure: other local users, backup systems, malware, or support tooling may read the file and reuse the credentials to access vehicle telemetry.

Ssd 3

High
Confidence
98% confidence
Finding
The README instructs the assistant to ask for authentication tokens in conversation, save them locally, and reuse them in future interactions. Persisting bearer-style credentials outside a secure secret store creates a high risk of token theft, replay, and unauthorized access to vehicle location and status data.

Ssd 3

High
Confidence
99% confidence
Finding
The documentation explicitly tells users to print the full cached credential file and parse tokens from it, which exposes secrets in plaintext on-screen, in shell history, logs, recordings, and shared terminals. These tokens can then be reused to query sensitive vehicle data without the owner's consent.

Ssd 3

High
Confidence
100% confidence
Finding
The README embeds a full plaintext example of cached access and vehicle tokens and endorses storing them in a local JSON file. Even if illustrative, publishing realistic secret material trains insecure handling patterns and may expose live or reusable credentials if the sample is not synthetic.

Ssd 3

High
Confidence
99% confidence
Finding
The skill instructs the agent to ask users to paste raw authentication tokens directly into chat, using a delimiter format that encourages handling secrets in natural-language conversation. Chat transcripts, agent memory, analytics systems, and debugging logs often persist message contents, so this pattern materially increases the chance of credential leakage and reuse.

Ssd 3

High
Confidence
98% confidence
Finding
The example dialogue normalizes submitting credentials in-band and then retaining them for future use, which encourages unsafe operator behavior and increases the chance of secrets being copied, replayed, or retained in conversation history. In this skill's context, the tokens unlock access to precise vehicle location and condition data, making leakage especially privacy-sensitive.

Ssd 3

High
Confidence
99% confidence
Finding
The narrative explicitly directs long-term retention of sensitive tokens in a local cache and reuse across future requests, which is a direct instruction to persist user secrets beyond the immediate transaction. Persistent reuse of bearer credentials expands the attack window and compounds the impact of endpoint compromise, transcript exposure, or local file disclosure.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal