企查查

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform company lookups through an undisclosed third-party search service and may include an exposed API key, so it needs review before use.

Install only after the publisher discloses the actual lookup provider, removes and rotates any embedded API key, and labels results as search-derived or switches to the advertised authorized data sources. Treat outputs as unverified until each field is linked to a source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding:
The skill metadata claims it queries enterprise information from Qichacha/Tianyancha, but the implementation reportedly uses an undeclared Tavily search service, hardcoded third-party API keys, and infers results from generic search output instead of the stated sources. This is dangerous because it hides external data flows, can leak secrets, and misrepresents provenance and reliability of the returned business data, undermining user trust and security review.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The skill advertises authoritative enterprise data sources such as 企查查、天眼查、爱企查, but the implementation actually sends queries to Tavily and derives results from generic search snippets. This is dangerous because users may trust the output as sourced from official or specific platforms when it is actually inferred from third-party search results, creating a provenance and integrity gap.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
The implementation does not query 企查查/天眼查 directly; it performs broad web search and regex extraction over arbitrary content. That can produce fabricated, stale, or manipulated company data while presenting it in a structured, authoritative-looking format, which may mislead downstream users or agents into acting on false information.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
A hard-coded Tavily API key is embedded directly in the source code. Exposed credentials can be copied and abused by anyone with code access, leading to unauthorized API usage, quota exhaustion, billing impact, and loss of control over the linked third-party account.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
User-supplied company names are transmitted to Tavily without any notice that a third-party service is receiving the query. In a business context, company names being investigated may themselves be sensitive, and silent disclosure can create privacy, confidentiality, or compliance issues.

VirusTotal

63/63 vendors flagged this skill as clean.
