久吾智能体

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it sends potentially sensitive document text/files and a bearer token to a hard-coded plain-HTTP internal endpoint with limited user-facing disclosure.

Install only if 192.168.1.213:5000 is your intended trusted Jiuwu service and you are comfortable sending document contents and a JIUWU_CORE_TOKEN over plain HTTP on that network. Use a limited, revocable token and avoid submitting confidential, regulated, or third-party documents unless your organization has approved this service and its data handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation indicates capabilities to read environment variables, access local files, and send data over the network, but no explicit permissions are declared. That creates a transparency and policy-enforcement gap: users or the host platform may not realize the skill can access sensitive tokens and transmit file contents to an external service.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger description is broad enough to activate on many generic document-analysis requests, which can cause the skill to be selected in situations the user did not specifically intend. Because this skill sends text or files to an external API, over-broad matching raises the chance of unintended disclosure of sensitive content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The markdown instructs sending user-provided text and uploaded files to an external API but does not present a user-facing warning about third-party transmission, data sensitivity, or confidentiality risks. In the stated contexts—contracts, requirements, and document review—the material is often sensitive, so silent exfiltration to an external service materially increases privacy, compliance, and confidentiality risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The text-analysis path sends arbitrary user-provided content to a remote HTTP API with no explicit consent prompt, sensitivity warning, or transport-security guarantee. This can expose confidential contract, requirement, or review content to a network service, and because BASE_URL uses plain HTTP, the data may also be intercepted in transit.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The file-analysis path uploads local files to a remote API without any user-facing warning, confirmation, file-type restriction, or sensitivity screening. In this skill context, users may submit contracts and internal documents, so silent external upload creates a meaningful risk of confidential data disclosure; the use of plain HTTP further increases interception risk.

VirusTotal

66/66 vendors flagged this skill as clean.
