TrainClaw

Security checks across malware telemetry and agentic risk

Overview

TrainClaw is a disclosed China rail lookup tool that contacts 12306 services and keeps a local station cache, with only minor caution about broad auto-trigger wording.

Install only if you want OpenClaw to perform China Railway 12306 lookups. Use it for explicit ticket, train-stop, or transfer queries, and remember that route details you provide may be sent to 12306 endpoints while station data is cached locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill advertises network access and local cache writes in its documentation but does not declare any permissions, creating a transparency and governance gap. This can cause the agent platform or user to invoke a skill with capabilities they did not explicitly approve, especially since it fetches remote station data and writes to a cache directory.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger condition is broad enough to activate on many generic travel-related mentions, which can lead to unintended execution of a networked skill. While this is not directly a code-execution flaw, over-triggering increases unnecessary data exposure, user confusion, and the chance that external requests are made without clear user intent.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger section is very broad and includes an open-ended "etc.", which can cause the skill to activate for loosely related travel queries that were not intended for this tool. In an agent setting, overbroad activation increases the chance of unnecessary command execution, wrong-tool selection, and unexpected handling of user data or requests.

VirusTotal

56/56 vendors flagged this skill as clean.
