ClawHub

Bic Qa - 佰晟问答

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward BIC-QA API helper, with the main caution being how it suggests storing the user’s API key.

Install only if you want your agent to query BIC-QA’s external API for database or OS answers. Use a dedicated, rotatable API key, avoid committing it to repositories, and consider an environment variable or OS-backed secret manager instead of the recommended plaintext config file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Session Persistence

Medium
Category
Rogue Agent
Content
**方式 A — 配置文件(推荐):**

```bash
mkdir -p ~/.bic/config
chmod 700 ~/.bic/config
echo "your_api_key_here" > ~/.bic/config/api_key
chmod 600 ~/.bic/config/api_key
Confidence
84% confidence
Finding
mkdir -p ~/.bic/config chmod 700 ~/.bic/config echo "your_api_key_here" > ~/.bic/config/api_key chmod 600 ~/.bic/config/api_key ``` **方式 B — 环境变量:** ```bash export BIC_API_KEY="your_api_key_here" ``

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal