爱图表 AI Chart 3D Illustration

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be an API-backed 3D chart generator, but it needs review because it stores a persistent API key and bundles broader chart, PPT, Sankey, and export commands than its advertised 3D purpose.

Review before installing. Use a dedicated, revocable aitubiao API key, avoid submitting sensitive or regulated datasets unless you trust the service, and be aware that the bundled script can do more than generate 3D chart illustrations, including other project creation and local export downloads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill instructs the agent to solicit an API key from the user and persist it under `~/.aitubiao/credentials` across sessions. Persistent credential collection by a general-purpose skill materially raises the risk of secret exposure, reuse, unintended retention, and compromise of the user's external account if the local environment or logs are accessed.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The script exposes materially broader capabilities than the skill metadata advertises, including quota inspection, generic chart/PPT/Sankey creation, and project export/download flows. In an agent-skill setting, this scope mismatch is dangerous because users and orchestration layers may grant trust or permissions based on the declared narrow 3D-chart purpose, enabling unintended data processing and file-generating behavior.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
These command handlers actively implement non-3D project creation paths that contradict the stated single-purpose 3D illustration functionality. In a security review, hidden or undisclosed capabilities are risky because they expand the attack surface and can cause an agent to send user data to remote endpoints for tasks the user did not intend to invoke.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The script can export remote projects and write the resulting files to arbitrary local paths supplied by the caller. That is sensitive beyond simple 3D stylization because it enables local file creation and storage of remote content, which can be abused for unauthorized data retrieval, overwriting user files in writable locations, or surprising persistence on the host.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill asks users to paste an API key and states it will be stored persistently, but does not clearly warn that the credential is sensitive, should not be reused from other services, and may grant billable account access. This omission increases the likelihood of unsafe secret handling and social-engineering success against less experienced users.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill sends user-supplied chart data to `api.aitubiao.com`, but the description and workflow do not prominently disclose that uploaded files or pasted data leave the local environment. For business, financial, or personal datasets, this can lead to unintentional third-party disclosure and compliance/privacy issues.

VirusTotal

62/62 vendors flagged this skill as clean.
