ClawHub

AIRS-具身智能订单信息采集器

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed research workflow for collecting public bidding evidence, using a logged-in Tianyancha browser session and an OpenAI-compatible LLM, with risks users should manage before running it.

Before installing, use a dedicated low-privilege Chrome profile for Tianyancha, close remote debugging after use, keep config/settings.json and data outputs private, and confirm your LLM provider is approved for the records you process. Back up any reviewed CSVs before reruns if analyst edits matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the user to operate against Tianyancha using an already logged-in browser session and to save scraped announcement content locally, but it does not explicitly warn about the security and privacy implications of doing so. This can lead users to expose authenticated session data, capture unexpected account-scoped content, or persist sensitive/raw website data to disk without understanding the risks, especially when using remote debugging on Chrome.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly writes multiple local output files and uses a rerun workflow that can refresh or replace prior results, but it does not warn the user that existing CSV/JSON artifacts may be overwritten or changed. In a research pipeline, silent modification of review sheets, extraction outputs, or progress files can lead to loss of analyst work, corrupted provenance, or unintended downstream ingestion.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill states that it uses an OpenAI-compatible LLM configuration and local API key to process bidding records and raw announcement content, but it does not disclose that source documents may be transmitted to an external model endpoint. Because these inputs may contain sensitive business, procurement, or investigatory data, undisclosed external transmission creates a meaningful confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs use of an OpenAI-compatible LLM configuration and a local API key, but it does not warn users that case data may be sent to an external model endpoint. Because the workflow processes research records and enterprise-related case details, this can cause unintended credential exposure or external transmission of sensitive or proprietary data if operators assume all processing is local.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code sends full record content to an LLM, including the source link and free-text case details, without any minimization, redaction, or explicit trust boundary controls. Even if the dataset is intended to be public bidding information, transmitting raw records and URLs to an external model provider can create unnecessary data exposure, leak internal research workflow context, and increase prompt-injection risk if hostile content is embedded in scraped records.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal