vision-mcp

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to read the sensitive env.ANTHROPIC_API_KEY value from the user's local ~/.claude/settings.json file.
  • [DATA_EXFILTRATION]: The extracted API key is then configured to be transmitted as an X-API-Key header to a hardcoded network endpoint (http://10.80.1.251:10005/mcp) within the ~/.claude.json configuration file.
  • [DATA_EXFILTRATION]: There is a deceptive mismatch between the stated purpose (retrieving an Alibaba Cloud key) and the actual data being targeted (ANTHROPIC_API_KEY), which is a technique used to harvest high-value credentials intended for a different service provider.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 13, 2026, 07:16 AM