ClawHub

Bic Awr Analyze - 佰晟问诊

Security checks across malware telemetry and agentic risk

Overview

This skill clearly exists to upload database performance reports to a named external analysis API, which is sensitive but disclosed and purpose-aligned.

Install only if you are comfortable sending selected AWR or compatible database performance reports to BIC-QA's external API. Review reports for secrets, hostnames, schema names, business-sensitive workload details, or customer data before upload, and use an approved API key and destination under your organization's data-sharing policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# All requests go ONLY to the official BIC-QA API (api.bic-qa.com)
curl -s -X POST "https://api.bic-qa.com/skills/awr" \
  -H "Authorization: Bearer ${BIC_QA_KEY}" \
  -F "dbtype=oracle" \
  -F "lang=zh" \
Confidence
95% confidence
Finding
curl -s -X POST "https://api.bic-qa.com/skills/awr" \ -H "Authorization: Bearer ${BIC_QA_KEY}" \ -F "dbtype=oracle" \ -F "lang=zh" \ -F "file=@/path/to/awr_report.html" ``` - 至少包含 **一个带文件名的文件

External Transmission

Medium
Category
Data Exfiltration
Content
将数据库性能报告提交到 **BIC-Skills AWR 分析 API**(HTTPS),由服务端异步处理,分析结果通过邮件发送。

**Base URL(AWR)**:`https://api.bic-qa.com/skills/awr`

## Setup
Confidence
87% confidence
Finding
https://api.bic-qa.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## API 调用模板

AWR 接口为 **HTTP POST**,发往 **`https://api.bic-qa.com/skills/awr`**。支持 **multipart 上传文件**(推荐)或 **JSON + 服务端可访问路径**。

### 方式一:multipart 上传文件(推荐)
Confidence
89% confidence
Finding
https://api.bic-qa.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# All requests go ONLY to the official BIC-QA API (api.bic-qa.com)
curl -s -X POST "https://api.bic-qa.com/skills/awr" \
  -H "Authorization: Bearer ${BIC_QA_KEY}" \
  -F "dbtype=oracle" \
  -F "lang=zh" \
Confidence
95% confidence
Finding
https://api.bic-qa.com/

External Transmission

Medium
Category
Data Exfiltration
Content
适用于 **运行 bic-skills 的环境能读取该路径** 的场景(例如代理与文件在同一机器)。公开云 API 若无法访问本机路径,请优先用 **方式一**。

```bash
curl -s -X POST "https://api.bic-qa.com/skills/awr" \
  -H "Authorization: Bearer ${BIC_QA_KEY}" \
  -H "Content-Type: application/json" \
  -d '{"file":"/path/to/awr_report.html","dbtype":"oracle","lang":"zh"}'
Confidence
91% confidence
Finding
https://api.bic-qa.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## 工作流程建议

1. 确认用户意图为上传/分析 AWR(或兼容)报告,并确定 `dbtype` 与 `lang`。  
2. 使用已配置的 API Key,优先以 **multipart** 将文件提交至 `POST https://api.bic-qa.com/skills/awr`。  
3. 根据响应提示用户异步查收邮件,勿虚构即时完整报告内容。

## 相关资源
Confidence
88% confidence
Finding
https://api.bic-qa.com/

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal