message-hub Security Report — Low Risk | ClawSafe

20 /100

message-hub

Message Hub - AI Team Message Hub Client for async collaboration

A legitimate message-hub Python client that uses network requests for hub communication, with minor documentation gaps (undeclared network permission, example API keys in docs) but no malicious behavior detected.

Skill Namemessage-hub

Duration49.7s

Enginepi

✓

Safe to install

Declare network:READ in SKILL.md allowed-tools if the skill is intended to use the requests library. Replace example API key placeholders in README.md with clearly-labeled placeholder strings. Fix the syntax error in hub_client.py line 211.

Findings 3 items

Severity	Finding	Location
Low	Undeclared network resource usage Doc Mismatch SKILL.md does not declare any allowed-tools permissions. The Python code uses the requests library to make HTTP requests to a configurable hub URL, which maps to network:READ capability. This is not declared in the skill metadata. `self.session.request(method, url, json=data, timeout=30)` → Add 'allowed-tools: [Read]' or explicitly declare network:READ in SKILL.md frontmatter if network access is intended.	`hub_client.py:77`
Low	Example API key patterns in documentation Doc Mismatch README.md contains hardcoded-looking API key patterns (sk_xb_xxxxxxxxxxxxxxxx, sk_xj_xxxxxxxxxxxxxxxx) in example configuration blocks at lines 29, 47, and 134. While these appear to be example placeholders with redacted characters, hardcoding credential patterns in docs can normalize dangerous practices. `MESSAGE_HUB_API_KEY="sk_xb_xxxxxxxxxxxxxxxx"` → Use clearly labeled placeholder syntax like YOUR_API_KEY_HERE or <YOUR_API_KEY> instead of sk_x* patterns.	`README.md:29`
Low	Syntax error prevents CLI from running RCE hub_client.py line 211 uses add_argument() outside the argparse block, which is a NameError that prevents the CLI from executing. The code will fail at import/parse time. `add_argument("--priority", default="medium", choices=["high", "medium", "low"],` → Move the line inside the parser argument configuration block or prefix it with parser.	`hub_client.py:211`

Resource	Declared	Inferred	Status	Evidence
Network	`NONE`	`READ`	✓ Aligned	hub_client.py:77 — self.session.request(method, url, json=data, timeout=30)
Filesystem	`NONE`	`NONE`	—	No file read/write operations in code
Shell	`NONE`	`NONE`	—	No shell command execution
Environment	`NONE`	`READ`	✓ Aligned	hub_client.py:54 — os.getenv reads MESSAGE_HUB_URL, MESSAGE_HUB_API_KEY, MESSAGE…

3 High 3 findings

🔑

High API Key 疑似硬编码凭证

API_KEY="sk_xb_xxxxxxxxxxxxxxxx"

README.md:29

🔑

High API Key 疑似硬编码凭证

api_key="sk_xb_xxxxxxxxxxxxxxxx"

README.md:47

🔑

High API Key 疑似硬编码凭证

api_key="sk_xj_xxxxxxxxxxxxxxxx"

README.md:134

File Tree

4 files · 26.4 KB · 891 lines

Python 2f · 576L Markdown 2f · 315L

├─ 🐍 hub_client.py Python 288L · 9.6 KB

├─ 🐍 message_hub.py Python 288L · 9.6 KB

├─ 📝 README.md Markdown 260L · 5.9 KB

└─ 📝 SKILL.md Markdown 55L · 1.2 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`requests`	`*`	pip	No	Version not pinned; requests is used for core network functionality (legitimate)

Security Positives

✓ No shell execution, no subprocess calls, no os.system or popen usage

✓ No credential harvesting or environment variable enumeration for exfiltration

✓ No base64 encoding, obfuscation, or eval/atob patterns

✓ No sensitive file access (~/.ssh, ~/.aws, .env reading for theft)

✓ No curl|bash, wget|sh, or remote script execution

✓ No reverse shell, C2, or data exfiltration endpoints

✓ No hidden HTML instructions or prompt injection payloads

✓ HMAC signature uses API key legitimately for message authentication only

✓ API key is used only for X-API-Key header, not transmitted to third parties

✓ requests library version is unpinned but has no known critical vulnerabilities at time of analysis

Scan Report

Findings 3 items

File Tree

Dependencies 1 items

Security Positives