Search Apple Docs

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide Apple documentation search, but it routes requests and an API key through a third-party XiaoBenYang service with leftover Gaokao identifiers and automatic local key storage.

Install only if you are comfortable using XiaoBenYang as the intermediary for Apple documentation searches. Use a dedicated low-privilege API key, expect it to be stored in .env, and ensure that file is not committed, synced, or shared.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The configuration is clearly wired to a different service namespace and endpoint family ('小笨羊高考' / XBY_* / mcp.xiaobenyang.com) than the declared Apple developer documentation skill. This mismatch can cause users or downstream agents to send credentials and requests to an unrelated third-party service, creating a real risk of credential misdirection, unintended data disclosure, and supply-chain confusion.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
A docstring naming a different skill is not harmful by itself, but in this context it corroborates that the file was copied from another integration and may be operating against the wrong backend and credentials. That makes the mismatch security-relevant because it increases the chance of operators trusting a skill that actually routes secrets to an unrelated service.

Missing User Warnings

Medium
Confidence: 95%
Finding
The code persists an API key to a local .env file automatically, without explicit user confirmation, storage guidance, or file permission checks. This increases the likelihood of credential exposure through source control inclusion, shared workspaces, backups, or multi-user systems.

VirusTotal

64/64 vendors flagged this skill as clean.
