云主机询价小能手 (Cloud Host Price Inquiry Helper)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine cloud price comparison skill, but it handles cloud Access Keys and Secret Keys carelessly and disables TLS certificate verification for its Baidu Cloud API requests.

Review carefully before installing. Use only least-privilege or temporary, read-only pricing credentials; do not paste administrator cloud keys into chat; inspect the referenced sibling setup scripts before running them; and treat Baidu-side results and credential transport as untrusted until TLS verification is restored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Finding 1: Tainted flow: 'req' from os.environ.get (line 407, credential/environment) → urllib.request.urlopen (network output)
Severity: Critical
Category: Data Flow
Confidence: 91%
Content (excerpt around the flagged sink; the request carries cloud API authentication material and is sent over a TLS connection that performs no certificate check):

        method="POST",
    )
    # Certificate and hostname validation disabled for the Baidu Cloud call
    ctx = ssl._create_unverified_context()
    return json.loads(urllib.request.urlopen(req, timeout=15, context=ctx).read().decode())


def query_bcc_prices(ak, sk, bcc_host, bcc_spec, bcc_zone, bcc_disk_display, disk_size, bandwidth, bandwidth_type):

Flagged line:

    return json.loads(urllib.request.urlopen(req, timeout=15, context=ctx).read().decode())

Finding 2: Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The skill asks users to provide raw cloud Access Keys and Secret Keys without clear secure-handling guidance, increasing the likelihood that highly sensitive credentials are pasted into chat or logs. If exposed, these credentials could enable unauthorized access to cloud resources, billing abuse, and data compromise across the user's cloud account.

Finding 3: Missing User Warnings
Severity: High
Confidence: 99%
Finding: The code explicitly creates an unverified SSL context and uses it for Baidu Cloud API requests, disabling certificate validation. This allows man-in-the-middle interception and response tampering, which is especially dangerous because the requests carry signed cloud API authentication material and pricing results are trusted downstream.
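Findings 1 and 3 both come down to one line in the excerpt, ctx = ssl._create_unverified_context(). The following is an added example, not code from the skill or from SkillSpector: it shows the context the helper should build instead, a check that tells a verifying context from a bypassed one, and a small source audit that flags the common TLS-bypass idioms in Python so a reviewer can scan a skill's files before installing it. The regex list, the make_api_context helper and the two sample snippets are the editor's own assumptions; the flagged snippet is reconstructed from the excerpt above.

```python
import re
import ssl

# Added example (not the skill's own code). Demonstrates why the flagged
# context is unsafe, what to use instead, and how to find the idiom in source.


def context_verifies(ctx: ssl.SSLContext) -> bool:
    """True only if the context checks the certificate chain AND the hostname.

    ssl._create_unverified_context() sets verify_mode=CERT_NONE and
    check_hostname=False; either one alone is enough to allow a MITM.
    """
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def flagged_helper_context() -> ssl.SSLContext:
    """Exactly what the flagged helper does; kept only to demonstrate the check."""
    return ssl._create_unverified_context()


def make_api_context() -> ssl.SSLContext:
    """Replacement for the flagged line. Loads the platform trust store and
    keeps hostname checking on. Assumption: the API endpoint supports TLS 1.2,
    which any current public cloud API does, so that is set as the floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


# Idioms that disable chain or hostname validation in the standard library,
# requests/httpx and urllib3. Assumption: these are the editor's heuristics,
# not SkillSpector's rules.
TLS_BYPASS_PATTERNS = [
    (r"ssl\._create_unverified_context\s*\(", "unverified SSLContext"),
    (r"check_hostname\s*=\s*False", "hostname check disabled"),
    (r"verify_mode\s*=\s*ssl\.CERT_NONE", "chain verification disabled"),
    (r"\bverify\s*=\s*False", "requests/httpx verify=False"),
    (r"disable_warnings\s*\(", "urllib3 TLS warnings silenced"),
]


def find_tls_bypass(source: str) -> list:
    """Return (line_number, label, stripped_line) for every matching line.
    Text after '#' is ignored so commented-out code does not count."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("#", 1)[0]
        for pattern, label in TLS_BYPASS_PATTERNS:
            if re.search(pattern, code):
                hits.append((lineno, label, code.strip()))
    return hits


# Constructed samples: the flagged lines from the scanner excerpt, and the
# same two lines with the context replaced.
FLAGGED_SNIPPET = """
    ctx = ssl._create_unverified_context()
    return json.loads(urllib.request.urlopen(req, timeout=15, context=ctx).read().decode())
"""

HARDENED_SNIPPET = """
    ctx = ssl.create_default_context()
    return json.loads(urllib.request.urlopen(req, timeout=15, context=ctx).read().decode())
"""

if __name__ == "__main__":
    for lineno, label, code in find_tls_bypass(FLAGGED_SNIPPET):
        print("bypass at line %d: %s (%s)" % (lineno, label, code))
    print("hardened snippet hits:", find_tls_bypass(HARDENED_SNIPPET))
    print("flagged context verifies:", context_verifies(flagged_helper_context()))
    print("default context verifies:", context_verifies(make_api_context()))
```

Run find_tls_bypass over every .py file a skill ships, including the sibling setup scripts the overview mentions; a single hit in any request path means pricing results and the credentials used to sign the request cannot be trusted.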

Finding 4: Ssd 3
Severity: High
Confidence: 99%
Finding: The skill explicitly instructs the agent to solicit raw cloud credentials in natural language and then use them in setup commands. This is highly dangerous because conversational channels, logs, transcripts, debugging tools, or downstream integrations may capture the secrets, enabling full compromise of the user's cloud tenancy depending on account privileges.
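One way a skill can take Access and Secret Keys without soliciting them in chat, as an added example that is not the skill's own code: read them from environment variables set in the shell that launched the agent, refuse to run when they are missing, keep the secret out of repr() and tracebacks, and scrub the known values from anything that reaches a log or transcript. The variable names BCE_ACCESS_KEY and BCE_SECRET_KEY, the looks_like_pasted_keys heuristic and the sample key values are assumptions for illustration.

```python
import os
import re
from dataclasses import dataclass

# Added example (not the skill's own code). Environment variable names are
# assumed for illustration; the skill itself does not define them.
ENV_AK = "BCE_ACCESS_KEY"
ENV_SK = "BCE_SECRET_KEY"


def mask(value: str, keep: int = 4) -> str:
    """Show only a short prefix so a log line can still identify which key was used."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)


@dataclass(frozen=True)
class Credentials:
    access_key: str
    secret_key: str

    def __repr__(self) -> str:
        # Overrides the dataclass repr so the secret never lands in a traceback.
        return "Credentials(access_key=%s, secret_key=<redacted>)" % mask(self.access_key)


def load_credentials(env=None) -> Credentials:
    """Read the keys from the process environment (or a dict standing in for it).

    Fails closed when either key is missing instead of asking the user to
    paste it into the conversation."""
    env = os.environ if env is None else env
    ak = env.get(ENV_AK, "").strip()
    sk = env.get(ENV_SK, "").strip()
    if not ak or not sk:
        raise RuntimeError(
            "set %s and %s in the shell that launches the agent; "
            "do not paste keys into the chat" % (ENV_AK, ENV_SK)
        )
    return Credentials(ak, sk)


def redact(text: str, creds: Credentials) -> str:
    """Scrub the known key values from text before it is logged or stored."""
    out = text
    if creds.secret_key:
        out = out.replace(creds.secret_key, "<redacted-sk>")
    if creds.access_key:
        out = out.replace(creds.access_key, mask(creds.access_key))
    return out


# Heuristic (assumption): a message that labels two long opaque tokens as
# ak/sk is probably a pasted credential pair and should be refused, not stored.
_KEY_TOKEN = r"(?i)\b(?:%s)\b[^\w\n]{0,4}\w{16,}"
_AK_RE = re.compile(_KEY_TOKEN % "ak|access[_ -]?key")
_SK_RE = re.compile(_KEY_TOKEN % "sk|secret[_ -]?key")


def looks_like_pasted_keys(message: str) -> bool:
    return bool(_AK_RE.search(message) and _SK_RE.search(message))


# Constructed sample values; real keys come from the launching shell.
SAMPLE_ENV = {
    ENV_AK: "ALTAKexample1234567890",
    ENV_SK: "0123456789abcdef0123456789abcdef",
}

if __name__ == "__main__":
    creds = load_credentials(SAMPLE_ENV)
    print(creds)
    print(redact("signed request with sk=0123456789abcdef0123456789abcdef", creds))
    print(looks_like_pasted_keys("AK: ALTAKexample1234567890 SK: 0123456789abcdef0123456789abcdef"))
```

Pair this with the least-privilege advice in the overview: a temporary, read-only pricing credential limits what an attacker gains if a transcript is captured despite the redaction.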

VirusTotal

63/63 vendors reported this skill as clean (no detections).