ClawHub

外卖评价智能监控

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate local review-analysis skill, but it stores optional platform API keys and review history in local plaintext files without adequate warning or protection.

Install only if you are comfortable with local storage of review data and reports. Avoid entering real platform API keys unless you can protect or manually permission the config file, and treat ~/.food_review_monitor/config.json, data, and reports as sensitive business data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases are broad, natural-language requests that overlap with ordinary conversation, making accidental invocation plausible. Unintended activation could lead to unexpected file processing, report generation, local file creation, or setup flows without clear user intent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation mentions creating local config/data files and even setting up daily checks, but it does not clearly warn users about filesystem changes or potential scheduled-task creation on their system. Hidden persistence and automation behaviors reduce informed consent and can surprise users with lingering local state or recurring executions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
During setup, API keys are collected via interactive input and then persisted in plaintext JSON under ~/.food_review_monitor/config.json. This creates a real secret-handling weakness because any local user, backup process, malware, or accidental file sharing can expose the credentials, and the script does not warn the operator that the secrets will be stored long-term.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal