Universal Greeting Message Generator

Security checks across malware telemetry and agentic risk

Overview

In purpose this is an ordinary greeting generator, but it handles LLM credentials and outbound requests too loosely for automatic approval.

Review before installing. Only use it with a dedicated key for the intended LLM provider and a matching API base, and avoid leaving unrelated OPENAI_API_KEY values in the environment. Do not provide sensitive family, health, relationship, workplace, or financial details unless you are comfortable sending them to the configured LLM provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tainted flow: 'req' from os.environ.get (line 46, credential/environment) → urllib.request.urlopen (network output)

Critical
Category: Data Flow
Content:
], "temperature": 0.9}).encode()
    req = urllib.request.Request(f"{API_BASE}/chat/completions", data=payload,
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {API_KEY}"})
    with urllib.request.urlopen(req, timeout=60) as r:
        return json.loads(r.read())["choices"][0]["message"]["content"]

def build_prompt(festival, target, relation, recent, style, length_hint):
Confidence: 95%
Finding: with urllib.request.urlopen(req, timeout=60) as r:

Lp3

Medium
Category: MCP Least Privilege
Confidence: 81%
Finding: The skill advertises a Python tool invocation and static analysis detected environment and network capabilities, but the manifest does not declare permissions or explain why those capabilities are needed. Undeclared code execution surfaces are risky because they can access secrets from the environment or make outbound requests without user awareness, which is disproportionate for a blessing-message generator.

VirusTotal

66/66 vendors flagged this skill as clean.
