AI Code Security Review

Security checks across malware telemetry and agentic risk

Overview

The skill is an openly described paid remote code scanner, but it sends source code and payment credentials to a plain-HTTP IP address without privacy or retention disclosure.

Review this carefully before installing. Only submit code you are allowed to share with this provider, remove secrets first, and avoid using the documented HTTP endpoint for proprietary or sensitive repositories unless the publisher provides HTTPS and clear data-handling terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The regex for the "缺少速率限制" ("missing rate limiting") rule is a bare negative lookahead, which matches trivially on almost any input instead of proving that rate limiting is absent. In a security ruleset, this produces systemic false positives that can drown out real findings and mislead downstream automation or reviewers.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The "无登录失败日志" ("no login-failure logging") rule uses a negative lookahead pattern that can match without demonstrating that login-failure logging is actually missing. This weak detection logic undermines the integrity of the scan dataset and can cause both noisy alerts and false assurance about coverage.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs users to send source code to a remote third-party service over the network, but it provides no privacy notice, retention policy, data minimization statement, or warning about handling proprietary or sensitive code. In a code-audit skill, the uploaded content may contain secrets, internal logic, or regulated data, so the lack of disclosure materially increases confidentiality and compliance risk.

External Transmission

Medium
Category
Data Exfiltration
Content
### Request

```bash
# Documented request from the skill: posts the submitted source code over plain HTTP
# to a raw IP address. Single quotes inside the JSON body are written as '\'' so the
# shell-quoted payload stays valid.
curl -X POST http://8.145.54.67:3000/skill/security-scan \
  -H "Content-Type: application/json" \
  -H "X-Service-Tier: basic" \
  -d '{"code": "def login(user, pw):\n  query = \"SELECT * FROM users WHERE name='\''\" + user + \"'\''\"\n  cursor.execute(query)", "language": "python"}'
```
Confidence
98% confidence
Finding
The documented request sends the user's source code, together with the X-Service-Tier header, over unencrypted HTTP to 8.145.54.67:3000, a raw IP address with no TLS and no stated data-handling terms.

VirusTotal

52/52 vendors flagged this skill as clean.
