ClawHub

Aries Holiday Weekday

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its Chinese holiday-checking purpose, but it includes an overbroad URL fetch command and hardcoded gov.cn search signing material that should be reviewed before installation.

Install only if you are comfortable with the helper making outbound web requests and writing yearly cache files. Before broad use, the publisher should restrict notice fetching to HTTPS gov.cn hosts, remove or replace captured/static signing material with a supported public access method, and declare the network and cache permissions clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to read and write local cache files and perform network access to gov.cn via helper scripts, but the skill metadata does not declare any corresponding permissions. Undeclared file and network capabilities create a trust and policy gap: a host may expose broader access than users or reviewers expect, and an attacker who can influence inputs or fetched content could leverage those capabilities in ways not captured by the manifest.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The `body` subcommand accepts an arbitrary URL and passes it directly to `requests.get`, so the skill exposes a general-purpose fetch primitive rather than restricting access to official holiday notice pages. In an agent setting, this can be abused for SSRF-like behavior, internal metadata probing, or using the skill as an undisclosed network proxy, which is broader than the advertised holiday-checking purpose.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs the skill to use a browser-captured session-derived key (`athenaAppKey`) together with static signing inputs to access a government search endpoint, but it provides no warning, consent boundary, or handling guidance for secret/session material. This creates a real risk of credential/session misuse, brittle scraping behavior, and unintended network exfiltration because implementers may embed or reuse captured tokens outside their intended browser context.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The file hardcodes Athena-related key/secret values and transmits them in request headers, which exposes embedded credentials to anyone with code access and makes rotation or environment-specific control difficult. Even if these are low-sensitivity integration tokens, hardcoding secrets in source creates credential leakage and reuse risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal