ClawHub
Back to skill

Security audit

1688-ranking

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised 1688 lookup work, but it needs review because it stores reusable 1688 tokens in a shared local cache without explicit permission hardening.

Review before installing. Use a least-privileged 1688 app/token, avoid shared or untrusted machines, protect or periodically delete ~/.openclaw/workspace/skills/.1688_token_cache.json, and avoid running scripts/auth.py directly unless token output is removed or masked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares environment variables and describes file-based token caching plus outbound API calls, but it does not declare corresponding permissions. This creates a transparency and governance gap: operators may not realize the skill can read secrets, write shared cache files, and transmit data over the network, which weakens review and containment.

Intent-Code Divergence

Low
Confidence
79% confidence
Finding
The documentation claims each skill is independently authenticated while also stating all 1688 skills share a single fixed token cache file. Shared authentication state across skills breaks isolation boundaries and can let one skill influence or reuse another skill's session material, increasing the blast radius of compromise or misconfiguration.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code persists both access_token and refresh_token to a shared global cache file under the user's home directory for all 1688 skills. If file permissions are too broad, another local process, user, or skill in the same workspace could read or reuse these credentials, and refresh tokens are especially sensitive because they enable long-lived account access.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.