Xiaozhi Recycle Order

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it creates real external recycling orders using personal contact/address data and includes a recoverable built-in API secret.

Review before installing. Only use this with explicit user confirmation for each order, assume the listed contact/address/device data will be sent to the Xiaozhi/Bearhome API, and avoid installing until the publisher removes the embedded app secret or documents why this shared credential is authorized and safe.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill clearly instructs use of a Python script that performs authenticated REST API calls, which is a network-capable action, yet the skill metadata shown here does not declare corresponding permissions. Undeclared network capability weakens transparency and review controls, making it easier for sensitive user data to be transmitted externally without explicit governance.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The script embeds a recoverable fallback app secret using trivial XOR obfuscation, which is not meaningful protection. Anyone with access to the skill code can extract the credential and use it to impersonate the application against the recycle-order API, potentially creating unauthorized orders or abusing the vendor account.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill collects and sends highly sensitive personal data including name, phone number, and full address to an external recycling platform, but the markdown provides no explicit privacy notice, consent language, retention information, or data-sharing warning. This creates a real privacy and compliance risk because users may disclose personal data without understanding it will be transmitted to a third party.

Missing User Warnings

Medium
Confidence: 90%
Finding
The API reference explicitly documents collection and transmission of personal data including name, mobile number, and full address, but provides no privacy notice, data-handling guidance, consent requirements, or minimization expectations. In this skill context, the omission is more significant because the documented purpose is creating real recycling pickup orders, so users are likely to submit live PII to a third-party platform.

Missing User Warnings

Medium
Confidence: 92%
Finding
This code sends personally identifiable order data such as name, mobile number, and full address to a remote third-party API without any explicit disclosure, consent flow, or visible notice at the point of transmission. In a skill that collects household pickup details, that creates privacy and compliance risk because users may not understand that their data is being transferred off-platform to an external service.

VirusTotal

65/65 vendors flagged this skill as clean.