Quick Chart

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a chart tool, but it stores an API key locally and has inconsistent service references that users should review before installing.

Install only if you are comfortable giving a xiaobenyang API key to this skill and having it stored in a local .env file. Review or remove the unrelated gaokao/search_schools references and prefer environment-injected credentials over persistent local storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill describes capabilities to access environment variables, read/write local files, and make network requests, yet it declares no permissions or user-visible disclosure of those powers. This is dangerous because users and orchestrators cannot accurately assess or constrain the skill’s trust boundary, especially when it also handles secrets and remote API calls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose is chart generation via QuickChart, but the behavior includes collecting and persisting an API key, using unrelated configuration-management functions, and depending on an external xiaobenyang service rather than directly interacting with QuickChart. This mismatch is dangerous because it obscures where data and credentials go, increasing the risk of secret exfiltration, unintended remote dependency, and user deception.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The workflow text describes an API-key-gated gaokao/school-search style service rather than a chart-only QuickChart integration, indicating copy-paste contamination or hidden functionality. In a skill that requests credentials and performs network calls, such identity confusion is dangerous because it can cause users or agents to supply secrets to a service whose actual purpose is unclear.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documentation tells the model to call an unrelated `search_schools` function even though the declared tool is `GetChartImgLink`. This is dangerous because it can route user input and possibly credentials into unintended code paths or external services, creating confusion, data leakage, and execution of functionality outside the stated chart scope.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This file introduces API-key persistence and retrieval behavior that is not clearly justified by the stated chart-generation purpose and is further suspicious because the configuration refers to a different service namespace ('小笨羊高考' / XBY_GAOKAO). In an agent skill context, code that stores and manages secrets locally can expand the attack surface for credential capture, unintended reuse, or cross-skill data leakage.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The code can write an API key into a local .env file, creating persistent secret storage on disk. For a chart tool, this capability is unnecessary on its face and becomes more dangerous in shared or agent-executed environments where local files may be exposed, committed, or read by other components.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The config claims to belong to one skill context while the values and comments reference a different service and namespace, which is a strong indicator of code reuse, misdirection, or supply-chain contamination. This mismatch makes the secret-handling behavior more suspicious because credentials may be routed to or intended for an unrelated backend.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to ask users for an API key and persist it locally via `set_api_key`, but it does not clearly warn users that their credential will be stored in local configuration. This is dangerous because users may disclose sensitive credentials without informed consent, and persisted secrets increase exposure through filesystem access, backups, logs, or later compromise.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Persisting a supplied API key to .env without any user-facing warning, confirmation, or disclosure creates a stealthy credential retention path. Users or operators may believe a key is temporary when it is actually written to disk, increasing the risk of later exposure through backups, logs, repository commits, or local compromise.

VirusTotal

64/64 vendors flagged this skill as clean.