Bazhuayu Rpa Webhook

Security checks across malware telemetry and agentic risk

Overview

This skill does the advertised RPA webhook job, but it needs Review because it ships specific workflow data and gives inconsistent, risky guidance for handling secrets and unattended automation.

Review before installing. Replace config.json with your own blank or local configuration before running, rotate any exposed webhook or Feishu credentials, avoid storing secrets in shell profiles or .env.example, and only enable cron/run_daily for RPA workflows you are comfortable running unattended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
79% confidence
Finding
The security-check routine goes beyond webhook invocation by inspecting Git repository state and modifying permissions on local log files. While likely intended as a safety feature, this creates side effects on the host filesystem that users may not expect from a webhook tool, increasing operational risk in shared or managed environments.

Missing User Warnings

Medium
92% confidence
Finding
The manual instructs users to place a live webhook signing key directly into config.json but provides no guidance on restricting file permissions, avoiding source control, or using a secret store. That increases the chance of credential leakage through backups, shared workspaces, logs, or accidental commits, which could let an attacker invoke remote RPA jobs.

Missing User Warnings

Medium
86% confidence
Finding
The manual encourages triggering remote RPA workflows from CLI scripts, aliases, cron, and higher-level automation without warning that those workflows may perform real external actions such as data collection, form submission, or system changes. In this skill context, silent automation of external actions can amplify mistakes, abuse, or unauthorized task execution.

Missing User Warnings

Medium
93% confidence
Finding
The guide instructs users to append the webhook signing key directly into ~/.bashrc, which stores a secret in plaintext on disk and increases exposure to local compromise, backups, dotfile syncing, and accidental disclosure. While environment variables are better than hardcoding secrets in the shared config.json, shell startup files are not a secure secret store and the document does not warn about this tradeoff.

Missing User Warnings

Medium
90% confidence
Finding
The example shows transmitting potentially sensitive business data such as order numbers and shipping addresses to a remote webhook, but provides no warning about privacy, data classification, logging, retention, or authorization requirements. In a webhook-triggering skill, this omission is security-relevant because users may copy the pattern directly into production workflows and send personal or regulated data to third-party automation endpoints without adequate safeguards.

Missing User Warnings

High
98% confidence
Finding
The documentation includes example parameters for username and password and demonstrates passing credentials on the command line to a remote webhook, without any warning about secret exposure. Command-line secrets can leak through shell history, process listings, logs, screenshots, and automation tooling, making this a strong unsafe pattern for a security-sensitive integration.

Vague Triggers

Medium
94% confidence
Finding
The manifest exposes a webhook invocation interface with multiple high-impact parameters and no visible trigger constraints, validation rules, or activation context. In this specific skill, the danger is amplified because the defaults include a live Feishu authorization token and data-table URLs, meaning a caller could trigger RPA runs against real resources and potentially read from or write to connected Feishu data stores.

Missing User Warnings

Medium
95% confidence
Finding
The script reads the webhook signing key interactively and then writes it into `.env.example` on disk, while also printing it to the terminal as export commands. Although the file is chmod 600, persisting a secret in a local template/example file increases exposure through backups, shell history copy/paste, shoulder surfing, or accidental version-control inclusion; the script does not clearly warn the user before writing the secret to disk.

VirusTotal

66/66 vendors flagged this skill as clean.
