Laozi Agent

Security checks across malware telemetry and agentic risk

Overview

This Laozi chatbot is mostly purpose-aligned, but users should review it because it under-discloses third-party AI API data sharing and has conflicting “no API key” documentation.

Review before installing if you may ask sensitive questions or add private documents. Treat the app as a hosted-model chatbot: prompts, retrieved text, and conversation history may be sent to Hugging Face, and some scripts may require or use OpenAI APIs despite the no-API-key wording. Use only non-sensitive source documents unless the publisher adds explicit privacy disclosure, consent/local-only controls, and removes or documents the OpenAI code paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings
Severity: Medium, confidence: 95%
Finding:
The README states the skill uses the HuggingFace free inference API and even exposes an optional HF_TOKEN, but it does not clearly warn users that their prompts may be transmitted to a third-party service. This creates a real privacy and data-handling risk because users may assume the system is fully local or that '无需 API Key,启动即用' ("no API key needed, works on launch") means no external sharing occurs.

Vague Triggers
Severity: Medium, confidence: 76%
Finding:
Very broad trigger keywords can cause the skill to activate during ordinary discussion of Daoist topics, even when the user did not intend to invoke this agent. In a system with tool or network access, unintended activation increases the chance of unnecessary data processing, remote prompt transmission, or confusing persona-driven responses.

Missing User Warnings
Severity: Medium, confidence: 95%
Finding:
The skill states it uses a remote HuggingFace inference API but does not clearly warn that user prompts and retrieved context may leave the local environment. This is a real privacy and compliance issue, especially for users who may ask sensitive questions under the assumption that the system is a local RAG assistant.

Missing User Warnings
Severity: Medium, confidence: 93%
Finding:
The application sends user questions, retrieved context, and potentially conversation history to HuggingFaceHub for inference, but the interface does not clearly disclose that user content may leave the local environment. In a RAG chatbot with memory, users may input sensitive personal or proprietary information, making undisclosed third-party transmission a real privacy and data-governance risk.

Missing User Warnings
Severity: Medium, confidence: 93%
Finding:
The script embeds local document contents using OpenAIEmbeddings, which transmits the text to an external API. If the source directory contains copyrighted, sensitive, or private notes, operators may unknowingly exfiltrate that content off-host because the script does not clearly warn about network transmission or require explicit confirmation.

VirusTotal

VirusTotal findings are pending for this skill version.