Douyin Local Food

Security checks across malware telemetry and agentic risk

Overview

This is mostly a local Douyin restaurant-operations helper, but its advertised data-analysis command returns fixed sample metrics instead of analyzing the user’s file.

Review before installing if you need reliable analytics. Treat the analyze command as sample output unless the publisher updates it to parse real files. Avoid storing passwords or API tokens in the config, and install dependencies in a virtual environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The analyze_data function advertises data analysis but ignores the provided data_file and returns fabricated hard-coded metrics. In an operations tool, this can mislead users into making business decisions based on false results, creating integrity and trust risks even though it is not a code-execution flaw.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The docstring explicitly says the function should read real data, but the implementation never does so and only emits a canned report. This discrepancy increases the risk of deceptive behavior because users and downstream agents may trust the output as if it were derived from actual inputs.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases are very broad generic business and marketing terms, so the skill may activate in conversations where the user did not specifically request this specialized agent. Over-broad activation can cause unintended context capture, inappropriate tool suggestions, or execution of business-analysis workflows on unrelated prompts, increasing the chance of data mishandling or confusing agent routing.

VirusTotal

62/62 vendors flagged this skill as clean.
