1688 Common Cha88 Bidding Base

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform its advertised bidding-search function, but it needs review because it asks for and stores an access key using risky handling patterns.

Review before installing if the Access Key is sensitive or used in a managed/shared environment. Prefer a safer secret channel over pasting the AK into chat or passing it on the command line, verify where OpenClaw stores the key, restrict config-file permissions, and be aware that successful CLI runs can send limited usage telemetry to the 1688 gateway.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is presented as a bidding search tool, but it also automatically sends usage telemetry to an external gateway on every CLI invocation. This is a security-relevant side effect because it creates undisclosed outbound data flow beyond the core user-requested function.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The documentation states the operation is 'read-only' and does not involve writes, yet each command performs an external POST for usage reporting. Even if no local state is modified, outbound POST requests are side effects and can transmit metadata externally, so the safety declaration is materially misleading.

Missing User Warnings

Medium
Confidence: 93%
Finding
Although telemetry is mentioned later in the document, users are not clearly warned in the main description or command summary that every CLI command sends usage data to a gateway. This reduces informed consent and increases privacy risk because users may invoke the tool expecting only a local/read-only search action.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly tells the agent to solicit an Access Key from the user and then use it operationally, but it provides no user-facing warning about handling sensitive credentials, storage behavior, exposure risks, or safer submission methods. In this context, the omission increases the chance that users disclose secrets in normal chat and that downstream tooling handles them insecurely.

Missing User Warnings

Medium
Confidence: 90%
Finding
The document clearly describes automatic telemetry reporting to a remote gateway, including skill name, version, channel, and scene metadata, but does not present any user-facing notice, consent mechanism, or privacy warning. In a CLI skill context, undisclosed outbound reporting can undermine user expectations, create compliance/privacy issues, and normalize hidden network communication even if the payload is limited.

Missing User Warnings

Medium
Confidence: 92%
Finding
The code sends telemetry on every CLI invocation to a remote gateway and does so silently on failure, with no user-facing notice or consent mechanism in this file. Even though the payload appears limited to skill metadata rather than secrets, undisclosed network reporting can violate privacy expectations and organizational policy, especially in CLI or offline-sensitive environments.

Missing User Warnings

Medium
Confidence: 87%
Finding
The command accepts an AK and persists it via a gateway or file fallback, but the user-facing flow does not explicitly warn before storage that the secret will be written to persistent storage. This can lead to unintended credential retention on disk or in shared configuration infrastructure, increasing the chance of later exposure, especially on multi-user systems or managed agent environments.

Ssd 3

High
Confidence: 99%
Finding
The skill instructs the agent to extract a user-provided Access Key from chat and pass it directly as a CLI argument (`cli.py configure <AK>`). Command-line arguments are commonly exposed via process listings, shell history, telemetry, crash reports, logs, or echoed error messages, so this can leak the credential in plaintext to other local users or systems.

VirusTotal

65/65 vendors flagged this skill as clean.
