ClawHub

钓鱼热点推送

Security checks across malware telemetry and agentic risk

Overview

The skill matches its fishing-report purpose, but it automatically reuses another skill’s API keys without a clear opt-in or isolation boundary.

Install only if you are comfortable letting this skill reuse AMap and QWeather keys from fishing-trip-planner and store location-based fishing reports under your home directory. Review or remove ~/.fishing-planner/config.json sharing if you want per-skill credential separation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Tainted flow: 'output_path' from input (line 1372, user input) → open (file write)

Medium
Category
Data Flow
Content
if args.output:
            output_path = os.path.abspath(args.output)
            with open(output_path, "w", encoding="utf-8") as f:
                f.write(html)
            log(f"报告已保存: {output_path}", "OK")
        else:
Confidence
90% confidence
Finding
with open(output_path, "w", encoding="utf-8") as f:

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill reads another skill's private config file from ~/.fishing-planner/config.json and reuses credentials from it. This violates isolation boundaries between skills and enables unauthorized access to secrets and user settings that the current skill was not explicitly granted.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly states that this skill will automatically read and reuse API keys from another skill, but it does not clearly warn users that credentials may be accessed across skill boundaries. That creates a real risk of unexpected credential use, confused-deputy behavior, and accidental expansion of the trust scope if a user installs or runs the skill assuming isolated configuration.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The README says social text is provided via Agent WebSearch input, but gives no privacy or data-handling warning about what content may be sent, stored, or processed. While this is not direct code execution, it can expose user-supplied or third-party content to external services or logs without informed consent, especially if users paste identifiable or sensitive information.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list includes relatively broad phrases such as '哪里出鱼', '查鱼情', and '最新钓况', which could match casual conversation and activate the skill unexpectedly. In this skill, unintended activation is more dangerous because execution may lead to web searches, API calls, location handling, and report generation without the user clearly intending to invoke those actions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow says the agent will search for fishing intelligence, use the user's city/location, call third-party APIs, and optionally pass raw external text into a script, but it does not clearly warn the user that their location and supplied text may be transmitted to external services or stored locally. Because this skill aggregates multiple external sources and archives reports/history, the omission creates a meaningful privacy and data-handling risk rather than a purely cosmetic documentation issue.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code silently reads and reuses API keys from a separate shared config without clear disclosure or consent. In a skill ecosystem, this weakens trust boundaries and can lead to unauthorized secret reuse, billing abuse, and unintended cross-skill access to third-party services.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill archives generated HTML reports and metadata to disk under the user's home directory without an upfront warning, and those reports can contain location, city, search radius, timestamps, and derived activity context. Persistent local storage of sensitive context increases privacy risk if the host is shared or later compromised.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal