Vibe Coding Feasibility Evaluation

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it sends the user’s project description and an API key to a remote LLM service without clear enough disclosure or consent.

Review before installing. Use a provider-specific key intended for this script, set API_BASE deliberately, and avoid entering secrets, customer data, proprietary implementation details, or regulated information in the project description.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 86%
Finding:
The skill invokes a local Python script and the analyzer detected environment and network capabilities, but the skill does not declare corresponding permissions. Undeclared capabilities are risky because users and hosting platforms cannot accurately assess what the skill may access, and a seemingly simple evaluation skill could exfiltrate environment data or make unintended outbound requests through the script or its dependencies.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
The skill description presents this as a simple feasibility evaluator, but the implementation silently reads API keys and transmits user input to an external LLM service. That mismatch matters because users may assume local-only evaluation and unknowingly disclose sensitive project details or run the skill in environments with privileged credentials.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
User-supplied project descriptions are sent to an external API without any warning, confirmation, or sanitization guidance. This can expose proprietary code ideas, internal architecture, secrets accidentally pasted into the prompt, or regulated data to a third-party service.

VirusTotal

63/63 vendors flagged this skill as clean.