ClawHub

Cn Holiday Calendar

Security checks across malware telemetry and agentic risk

Overview

This China holiday skill is mostly coherent, but needs review because one helper can fetch any URL while the documentation frames network use as gov.cn-only holiday retrieval.

Install only if you are comfortable with a skill that can make outbound web requests and write a local year cache. Until it is tightened, use it only in an environment where arbitrary URL fetching is not sensitive, and prefer a version that restricts fetches to HTTPS gov.cn holiday-notice hosts and avoids captured or hardcoded session-style values.

Publisher note

cn-holiday-calendar is a China date utility skill built on the official State Council website (gov.cn) holiday notices, so it can determine statutory holidays, make-up workdays, and ordinary workdays with official accuracy rather than relying on weekday rules alone. It also integrates lunar-python to provide lunar date summaries, solar terms, and fuller calendar details on request. By default, it returns a concise lunar summary, while still allowing expanded calendar information when needed. cn-holiday-calendar 是一个面向中国日期查询的技能,核心优势是基于国务院官网 gov.cn 的官方节假日通知来判断法定节假日、调休工作日和普通工作日,结果更权威,也更贴近实际放假安排。它同时接入了 lunar-python,可以提供农历摘要、节气和更完整的万年历信息。默认会返回简洁的农历信息,用户需要时也可以查看更全面的日期详情。

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill performs file read/write and network operations but declares no permissions, creating a transparency and policy-enforcement gap. In an agent environment, undeclared capabilities can bypass user/operator expectations and allow unreviewed data retrieval or persistence, especially because the workflow fetches external content and writes cache files.

Tp4

High
Category
MCP Tool Poisoning
Confidence
78% confidence
Finding
The documented purpose is holiday/workday lookup, but the skill also exposes broader lunar metadata and generic gov.cn search/fetch behavior. That mismatch increases attack surface and can enable unintended data collection or prompt-driven use beyond the reviewed purpose, making it harder for users and policy systems to reason about what the skill is allowed to do.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill expands beyond official holiday/workday determination into broad lunar-calendar, zodiac, and auspicious-day data collection. This increases the skill's capability and output surface beyond its stated purpose, which can surprise users, expose unnecessary derived data, and create unnecessary trust and compliance risk for an otherwise narrow utility.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
Date and month query outputs include lunar and solar-term fields even for normal use, despite the manifest focusing on workdays, holidays, and make-up workdays. Returning undeclared extra data broadens the skill's behavior and can mislead users and downstream agents about what information is being gathered and disclosed.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The body command accepts an arbitrary URL and passes it to requests.get, turning a holiday helper into a generic fetch primitive. In an agent setting this can enable SSRF-like behavior, access to unintended internal or cloud metadata endpoints, or retrieval of untrusted content outside the stated gov.cn scope.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The fetch_notice_body function performs unrestricted outbound requests to whatever URL it is given, without validating domain, scheme, or network destination. Within an agent or server environment, this is a classic arbitrary URL fetch capability that can be abused for SSRF, internal service probing, or access to sensitive metadata endpoints.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The reference instructs the skill to use a captured browser-session value (`athenaAppKey`) together with hardcoded signing material (`T-KEY`, `T-SEC`) to access a government search endpoint. Even if these are not end-user secrets, documenting reuse of session-derived or credential-like values encourages scraping with embedded tokens, creates brittle hidden dependencies, and can lead to unauthorized or non-transparent network access from the skill.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal