Xbatis Skills

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent xbatis coding guide, but users should review it because it tells agents to fetch mutable external source repositories by default and includes insecure database credential examples.

Install only if you are comfortable with the agent using this skill for xbatis work and potentially downloading xbatis framework repositories for reference. Before use, ask the agent to get approval before any network fetch, pin repository revisions when possible, and replace the sample database credentials with environment variables or project-local secret handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding:
The README explicitly instructs the agent to download external repositories from GitHub/Gitee before doing its main task. That expands the skill from ORM guidance into network retrieval and external code acquisition, which can introduce supply-chain risk, unintended outbound access, and non-deterministic behavior if the fetched sources are malicious, unavailable, or changed.

Context-Inappropriate Capability

Severity: Low
Confidence: 82%
Finding:
The skill repeatedly treats inspection of locally downloaded framework source as a required operating step, implying persistent dependence on externally acquired code. This makes the skill's behavior rely on undeclared repository acquisition and can normalize unsafe trust in fetched source trees during analysis or code generation.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding:
The skill explicitly instructs the agent to download source code from external GitHub/Gitee repositories before performing its task. This expands the trust boundary from the local project to remote, mutable content and can cause unintended network access, supply-chain exposure, and analysis influenced by unpinned external data not required for the core skill. In a code-authoring/review skill, mandatory remote fetching is more dangerous because it can override or contaminate local context and violate least-privilege expectations.

Natural-Language Policy Violations

Severity: Medium
Confidence: 89%
Finding:
The skill metadata and body strongly bias the agent to operate in Chinese without any user opt-in or explicit fallback to the user's preferred language. This can degrade user control and clarity, and in multilingual environments may cause misunderstandings of generated code guidance, security advice, or remediation steps. In this ORM/framework-specific skill, the issue is less severe than code-execution risks, but it still creates a prompt-quality and policy-compliance problem.

Missing User Warnings

Severity: Low
Confidence: 80%
Finding:
The README directs downloading external code but does not clearly disclose that this causes network access and imports third-party content into the workflow. That omission can bypass user expectations and reduce scrutiny around supply-chain and data-egress implications.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The manifest sets allow_implicit_invocation: true without any visible trigger restrictions, so the skill may be auto-invoked in contexts the user did not explicitly request. Because the default prompt strongly steers code generation and review behavior for persistence code, unintended invocation can influence outputs, bypass user intent, and expand the skill’s effective authority within agent workflows.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The Spring Boot datasource example includes plaintext credentials (`username: root`, `password: 123456`) without any warning that these are placeholders or guidance to use environment variables or secret managers. In an agent skill that generates setup code, users may copy this directly into real projects, leading to credential exposure in source control, logs, or shared configs.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The Solon configuration example similarly embeds plaintext database credentials and provides no accompanying secret-handling guidance. Because this skill is meant to drive code generation for application setup, the unsafe example is likely to be propagated into production-like configuration, increasing the risk of leaked database access.

VirusTotal

64/64 vendors flagged this skill as clean.