BOM and SOP Comparison (BOM与SOP校对)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real BOM/SOP comparison tool, but it needs review because it can retain sensitive manufacturing data and send files through Feishu using broad local credentials.

Install only if you are comfortable with BOM/SOP files being cached locally, some derived data and reports being retained, and result files potentially being uploaded and sent through Feishu. Ask the publisher to make retention opt-in, isolate cache data per user/task, use scoped credentials, validate recipients, and require explicit confirmation before external sends.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The skill documentation includes direct Feishu API calls using app credentials and uploading local files, which is a clear external transmission path unrelated to simple spreadsheet comparison. If implemented, this enables exfiltration of user-provided documents and metadata to an external service using locally available credentials.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
Sub-agent spawning and background command execution introduce execution and isolation risks beyond the stated comparison task. These mechanisms expand the attack surface by allowing asynchronous processing, command invocation, and weaker oversight over what files or arguments are passed into background jobs.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The skill documentation instructs direct use of Feishu external APIs with app credentials and outbound file delivery. For a BOM/SOP comparison skill, this expands privileges beyond local document processing into credential handling and network exfiltration, increasing the risk of unauthorized transmission of user files or secret leakage if the workflow is misused or logs are exposed.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill directs a spawned sub-agent to run a python3 command using file paths interpolated into a task string. Even if intended for concurrency, this broadens the attack surface from document comparison to indirect command execution, which can enable command injection, arbitrary script execution, or execution of unintended tooling if inputs or paths are influenced by users.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The skill's declared purpose is BOM/SOP comparison, but it additionally defines a direct Feishu API workflow for authentication, file upload, and proactive message sending. That expands the skill's authority from local document processing into outbound communication and credentialed API use, which increases abuse potential and violates least-privilege expectations for the stated function.

Context-Inappropriate Capability

Severity: High
Confidence: 95%
Finding
The documented fallback flow introduces arbitrary shell and curl execution for a task that should primarily parse and compare spreadsheets. Shell-based external requests create opportunities for command misuse, secret exposure, unreviewed network egress, and unsafe handling of file paths or parameters if later implemented literally.

Context-Inappropriate Capability

Severity: High
Confidence: 95%
Finding
The skill adds a background execution pattern that spawns sub-agents and instructs them to run a Python command with file path arguments. This materially increases risk because it enables asynchronous code execution, makes auditing harder, and may allow unsafe argument propagation or privilege expansion beyond a simple document-comparison workflow.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The skill performs outbound transmission of user-supplied files and text to Feishu, but the declared skill purpose only describes BOM/SOP comparison and report generation. This creates an undisclosed exfiltration channel for potentially sensitive documents, and the mismatch between manifest and behavior makes the capability especially risky because users and reviewers may not expect any third-party delivery step.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The script reads Feishu app credentials from a local sensitive config file and then uses them to authenticate external messaging actions unrelated to the stated comparison-only function. Accessing shared local credentials increases the blast radius: any invocation of this script can leverage organization messaging privileges to send files externally without proving the caller is authorized to do so.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding
The skill modifies and appends data to user-supplied SOP files but does not clearly warn users about mutation risk, output naming, or whether originals are preserved. In document workflows, silent modification can lead to accidental overwrite, integrity issues, or users distributing altered files without understanding the changes.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation states that BOM/SOP-derived data and historical results are cached and some are retained beyond task completion, but it does not provide users with clear retention, privacy, or deletion controls. This creates unnecessary exposure of potentially sensitive manufacturing data on local storage.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
Automatic ZIP extraction with temporary file creation is a meaningful processing step that can expand disk usage and expose embedded contents, yet the user is not clearly warned. Archive handling also increases risk of unsafe file paths, decompression bombs, or unexpected file types if not tightly constrained.

Missing User Warnings

Severity: Medium
Confidence: 79%
Finding
The script rewrites workbook internals and creates an output spreadsheet based on untrusted input, but it performs no output-path hardening and gives no strong safety guard around file modification behavior. In an agent skill context, this can lead to unintended file creation or overwrite in user-accessible locations if a caller supplies a sensitive --output-dir or if automation assumes non-destructive behavior.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill specifies retaining BOM-derived data weekly and keeping historical comparison results after completion, but does not clearly disclose retention, purpose limitation, or privacy implications to users. BOM/SOP files may contain proprietary manufacturing data, so unnecessary persistence increases exposure in the event of compromise, cross-user access, or accidental reuse.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill explicitly retains BOM-derived data and historical comparison results after task completion, but does not present a clear retention notice, user consent step, or retention limit aligned to necessity. Persisting operational file contents beyond immediate processing raises privacy and data-governance risk, especially if BOMs contain proprietary manufacturing information.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The fallback delivery path transmits files through Feishu APIs but does not clearly warn users that their documents will be uploaded and sent via an external service flow. In a document-processing skill, undisclosed outbound transfer of potentially sensitive manufacturing data increases privacy and compliance risk even if the destination is operationally legitimate.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The script uploads a local file and can send accompanying text to Feishu without any explicit warning, approval step, or confirmation of recipient impact. In a document-processing skill, users may reasonably expect local comparison only, so silent transmission of generated or source documents can disclose confidential manufacturing data to unintended parties.

VirusTotal

66/66 vendors flagged this skill as clean.