Random Generator

Security checks across malware telemetry and agentic risk

Overview

This is an API-backed random generator, but it stores an API key on disk and asks users to trust an external service for cryptographic randomness without enough scoping or disclosure.

Review carefully before installing. Do not use this skill to generate passwords, tokens, keys, or confidential random choices unless you trust xiaobenyang.com to generate, transport, and handle those values securely. Expect your API key to be saved in plaintext in .env and your requests to be sent to the external API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (22)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documents capabilities to read environment variables, write local configuration, and send network requests, yet it declares itself as a random-number service without corresponding permission transparency. This creates a trust gap: users and orchestrators may treat it as low-risk utility code while it can persist secrets and exfiltrate data to an external API.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The documented behavior does not match the declared purpose: instead of being a self-contained random-number generator, it acts as a remote API client that collects an API key, stores it locally, and transmits requests externally. This mismatch is dangerous because users may disclose credentials and allow network/file operations they would not expect from a simple RNG skill.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The instructions include unrelated tooling references such as `search_schools` within a skill supposedly dedicated to random-number generation, indicating copy-paste contamination or confused tool routing. In an agent setting, this can misdirect execution toward unintended functions, causing unauthorized actions, data disclosure, or operation on the wrong backend.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The project structure names an unrelated `xiaobenyang_gaokao_skill`, which conflicts with the stated service identity and reinforces that the skill may be repurposed from another project without careful validation. Such identity inconsistency reduces trustworthiness and increases the chance that hidden behaviors, wrong endpoints, or unrelated code paths remain active.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file’s behavior materially contradicts the advertised skill purpose: instead of implementing a random-number service, it configures access to an unrelated remote '小笨羊高考' service and manages its API credential. In an agent skill ecosystem, this kind of purpose mismatch is a strong indicator of deceptive capability, hidden data flow, or unauthorized service access, making the skill context significantly more dangerous.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill includes functionality to persist a remote service API key to a local .env file even though that capability is not necessary for a random-number generator. Excess credential management increases attack surface, creates secret-at-rest exposure, and is especially suspicious because it exceeds the skill’s stated scope.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill is presented as a cryptographically secure random number generation server, but this file only proxies requests to an external API. That mismatch is security-relevant because consumers may assume local generation and stronger trust boundaries, while sensitive randomness requests and trust in entropy quality are delegated to an undisclosed remote service.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The function documentation claims to generate cryptographically secure integers, but the implementation merely forwards parameters to an external API. This can mislead downstream users into using the output for secrets, tokens, or key material without understanding that security depends entirely on a remote service outside this codebase.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
This float generator is documented as secure local generation, but it only delegates to an external API call. The misleading security claim weakens informed consent and may cause developers to rely on unverified remote randomness in high-trust contexts.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
Random bytes are commonly used directly for secrets, tokens, nonces, and keying material, so claiming cryptographically secure generation while only proxying to a remote API is especially risky. If the remote service is compromised, predictable, logged, or substituted, consumers could unknowingly use attacker-observable or weak secret material.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The UUID generator claims cryptographically secure UUID creation, but actually forwards the request to an external service. That discrepancy matters because UUIDs may be used as identifiers in security-sensitive workflows, and consumers are not informed that generation occurs outside the local environment.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
Random strings are frequently used as passwords, API keys, invite codes, or reset tokens, so representing this wrapper as secure local generation is dangerous. A remote service could observe, influence, or replay generated values, undermining confidentiality and unpredictability.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The function claims secure random selection but delegates both the input choice list and selection process to an external API. This exposes potentially sensitive input data and makes fairness or unpredictability depend on a remote service that is not described here.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The boolean generator is documented as cryptographically secure, but the implementation simply calls a remote API. While lower risk than bytes or strings, it still misrepresents the trust boundary and could affect systems relying on unbiased or confidential random decisions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code writes the API key directly into a local .env file without any user-facing warning, consent, or safeguards. This can leave credentials on disk in plaintext, where they may be committed to source control, read by other local processes, or exposed through backups and logs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This call transmits user-supplied parameters to a remote API without any disclosure in this file that inputs leave the local environment. Even though the values here are numeric, undisclosed data egress and hidden dependency on an external service are security and privacy concerns, especially for a skill marketed as a local cryptographic generator.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
User-controlled min, max, count, and precision values are forwarded to an external service without any visible disclosure or trust-boundary warning. This creates a transparency problem and may violate user expectations for local-only processing in a security-oriented randomness skill.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Requests for random bytes can be security-sensitive because the length and usage context may correspond to secret generation workflows, yet parameters are silently transmitted to a remote API. Combined with the cryptographic claims, this creates a heightened risk of users unknowingly depending on third-party handling for sensitive randomness operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
UUID generation requests are forwarded externally without visible disclosure, which is a trust and transparency issue even if the immediate data sensitivity is lower than secret bytes. Users may incorrectly assume no external transmission occurs because the skill is framed as a secure generation service.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Random string requests include user-selected length and charset and may be used for passwords, tokens, or other sensitive credentials, yet the request is silently sent to an external service. This hidden egress significantly increases the risk of misuse in authentication or secret-generation scenarios.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The entire choices array is transmitted to a remote API without disclosure, which can directly expose sensitive or proprietary user data contained in that list. This is more dangerous than other wrappers because the function may send arbitrary user content, not just numeric parameters.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Boolean generation parameters are sent to a remote service without any user-facing warning, creating an undisclosed data egress path. Although the data sensitivity is usually low, the lack of transparency is still a real issue in a security-branded skill.

VirusTotal

64/64 vendors flagged this skill as clean.
