do-it - Gungun Judgment Skill (滚滚判断技能)

Security checks across malware telemetry and agentic risk

Overview

This skill is a decision-advice tool, but it handles sensitive life details with under-disclosed remote submission, local history storage, and overly directive high-stakes recommendations.

Review before installing. Do not enter secrets, regulated financial/legal/medical details, or highly sensitive personal information. Avoid test.html unless you trust the hard-coded remote API, clear browser LocalStorage on shared machines, and treat recommendations as brainstorming rather than professional advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (46)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding:
The product plan materially expands the skill from a personal decision-support assistant into a broader commercial platform with user management, payments, case retention, and API services. This scope expansion increases the attack surface and data-handling risk beyond what users would reasonably expect from the stated skill description, creating a transparency and trust boundary problem.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding:
Adding payment management and monetized data-API capabilities is a significant functional expansion unrelated to the narrow user expectation of AI help for life choices. If deployed without explicit disclosure and controls, users may unknowingly interact with commercial processing and data flows that carry financial, privacy, and abuse risks.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The project summary documents capabilities that materially exceed a narrow 'life-decision judgment' skill description, including automated web crawling, an HTTP API, and history persistence. This creates a transparency and scope-expansion risk: operators or users may grant trust to a benign-seeming advisory skill without realizing it also performs network collection and stores user activity.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding:
Automated external data crawling is a non-trivial capability that increases attack surface, privacy exposure, and operational risk, yet this document does not clearly tie it to the declared purpose or bound its behavior. In the context of an end-user decision assistant, undisclosed or weakly justified crawling can enable unexpected outbound requests, ingestion of untrusted content, and collection practices users did not anticipate.

Description-Behavior Mismatch

Severity: Medium
Confidence: 86%
Finding:
The documented functionality expands beyond a life-decision support skill into operational data collection and recruitment-site crawling, which is a meaningful scope mismatch. This is dangerous because users and reviewers may grant the skill broader trust than intended, while the undocumented collection behavior enables unanticipated external interactions and data ingestion.

Context-Inappropriate Capability

Severity: Medium
Confidence: 82%
Finding:
The README introduces recruitment-site scraping for a skill framed as making personal life judgments, but it does not clearly justify why scraping is necessary for that purpose. This is risky because unjustified external collection features can mask excessive capability, increase legal/compliance exposure, and create opportunities for misuse beyond the skill's stated mission.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The file’s docstrings and console messages repeatedly claim it 'crawls from the internet', but the implementation only returns hardcoded sample records and writes them to disk. This is a supply-chain trust issue: operators may believe the dataset is fresh, externally sourced, and representative when it is fabricated/static, which can mislead downstream analysis, audits, or decision-making.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding:
The file's behavior materially differs from the declared skill purpose: instead of helping with life decisions, it implements salary-data scraping, aggregation, and local dataset construction. This capability mismatch is dangerous because it hides data-collection functionality behind an unrelated description, reducing user visibility and review scrutiny, and it includes scraping of third-party sites with explicit acknowledgment of anti-bot/login barriers.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding:
The script adds web-scraping and dataset-building capabilities that are not necessary for the stated life-decision assistant function. In skill ecosystems, undeclared collection and persistence features increase risk because they can be repurposed for stealthy data gathering, policy violations, or collection of sensitive labor-market information without users expecting that behavior.

Description-Behavior Mismatch

Severity: High
Confidence: 92%
Finding:
The document materially expands the skill from simple decision assistance into a full data-ingestion and platform operation stack, including crawling, scheduled collection, storage, APIs, and monitoring. This creates substantial additional attack surface, legal/compliance exposure, and data-governance risk that is not clearly scoped or justified by the stated skill purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 79%
Finding:
The scheduled updates for stock returns and exchange rates introduce financial-data processing capabilities that are not well aligned with the declared life/career decision scope. Unnecessary data collection increases system complexity and can enable function creep into financial advice or sensitive profiling without corresponding controls.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
The plan stores detailed case records including user profiles, options, recommendations, outcomes, and satisfaction data in persistent databases. This creates a meaningful privacy and security risk because it enables long-term retention of potentially sensitive personal and behavioral data beyond what is obviously necessary for a lightweight decision-support skill.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The page collects highly personal decision-making context such as relationship status, finances, family situation, and preferences, then sends it to a third-party remote API. This is dangerous because the skill is presented as a local judgment helper with no clear disclosure, so users may unknowingly expose sensitive personal data to an external service.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding:
The code embeds an undeclared network capability by POSTing sensitive user data to a hard-coded IP address, which bypasses user expectations and makes the destination opaque and difficult to audit. Using a raw IP also increases suspicion and operational risk because it obscures ownership, trust context, and lifecycle controls.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding:
The interface repeatedly claims to provide objective, data-driven analysis, but the code simulates progress and can produce a canned recommendation unrelated to any real analysis. This is deceptive behavior that can mislead users into trusting fabricated advice for sensitive life decisions such as career, relationships, or investments.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The document explicitly plans to collect user feedback and save history, but it provides no mention of consent, retention limits, access controls, or privacy disclosures. For a decision-making product, stored history may include sensitive personal, career, financial, or life-choice details, creating avoidable privacy and compliance risk if implemented as described.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The roadmap mentions integrating a real AI API without acknowledging that user prompts may be transmitted to a third-party service. Because this skill handles personal decision support, user submissions are likely to contain sensitive personal context, and silent external transmission can expose private data and create legal/compliance issues.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The document explicitly describes archiving cases and updating a knowledge base after each decision, but does not disclose what user data is retained, how long it is stored, or whether users can opt out. In a skill handling major life, relationship, and investment decisions, this creates a privacy risk because sensitive personal information may be persistently stored and reused without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill is positioned to give strong action-oriented recommendations for major career, relationship, business, and investment decisions, but it does not clearly warn that outputs are advisory only and may be wrong. Because the branding repeatedly encourages users to act on the system's judgment, users may over-rely on unqualified advice in high-stakes contexts, leading to financial, emotional, or safety harms.

Natural-Language Policy Violations

Severity: Medium
Confidence: 97%
Finding:
The language strongly encourages users to hand over judgment to the system and simply follow its recommendation, which undermines informed user choice and increases automation bias. In this skill's context, that is especially dangerous because it targets major life and investment decisions where users may be vulnerable, emotional, or seeking certainty, making manipulative framing more likely to cause real-world harm.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill explicitly targets high-stakes domains such as careers, relationships, investments, housing, and marriage while framing the assistant as a decisive judgment engine that gives clear recommendations. Although it includes a brief 'for reference only' note later, the overall design encourages reliance on consequential advice without prominent upfront risk warnings, limitations, or escalation guidance for financial, mental health, or other sensitive decisions.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The product design explicitly includes collecting sensitive personal life-decision details, storing results, and offering sharing features, but shows no privacy notice, consent flow, retention policy, access controls, or data-handling safeguards. Because the app targets career, relationship, investment, and life-choice questions, the data can be highly sensitive and could expose users to privacy harm, profiling, embarrassment, or secondary misuse if logged, leaked, or shared improperly.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The plan explicitly describes retaining execution feedback, result records, satisfaction ratings, and case management content, but does not mention privacy notice, consent, retention limits, or deletion rights. Because the skill concerns sensitive life choices such as career, relationships, and investment, collecting case histories without safeguards can expose highly personal data and create substantial privacy harm.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The plan references automatic data updates and later third-party AI/API integrations and monitoring, yet provides no user-facing warning that user inputs may be transmitted to external services or affected by automated collection and observability tooling. This is risky because users may share sensitive personal decision data without understanding where it goes or who processes it.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The document describes automatic web crawling and history saving but provides no warning about network activity, data collection, or persistence. For a life-choice assistant, users may submit sensitive personal details; if those inputs are stored in history or transmitted during API use without clear notice, this creates meaningful privacy and consent risks.

VirusTotal

65/65 vendors flagged this skill as clean.
