ClawHub

Stove Public Api

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Stove market-data helper, with a documented custom endpoint option that users should treat carefully.

Reasonable to install for Stove Protocol public market-data queries. Use the default production or documented QA endpoints, and avoid setting --base-url to arbitrary or untrusted hosts unless you intentionally want the helper to query that endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill is presented as a read-only public market data client, but it explicitly allows `--base-url` to override the trusted Stove endpoint and send requests to an arbitrary host. In a network-permitted skill, this expands behavior from querying a specific public API into a generic outbound HTTP client, which can be abused for SSRF-like access to internal resources, data exfiltration, or policy bypass if downstream agents trust the skill description.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The script is described as a helper for Stove Protocol public APIs, but `--base-url` allows callers to redirect requests to any host. In an agent or automated workflow, this can enable SSRF-style access to unintended internal or attacker-controlled endpoints, and the returned JSON is then treated as trusted API output. The network permission makes this more significant because the skill can initiate outbound requests beyond the documented Stove domains.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal