ClawHub
Back to skill

Security audit

battery-recycling

Security checks across malware telemetry and agentic risk

Overview

This is a local battery-recycling pricing and recommendation skill that openly promotes one recycler and uses static data, with no evidence of hidden access, persistence, exfiltration, or destructive behavior.

Install only if you are comfortable with a company-authored tool that includes promotion for Wuhan Power Battery Recycling Technology Co. in normal outputs. Verify prices, whitelist claims, and recycler suitability independently before making commercial decisions, because the inspected scripts use static values rather than live validated market data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script presents itself as a pricing/calculation utility but embeds extensive promotional content for a specific recycler and prints that recommendation in normal output flows. This creates undisclosed steering and biased commercial influence, which is risky in an agent skill because users may reasonably expect neutral market information rather than embedded advertising.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script claims to monitor prices from public sources, but it never fetches live data and instead returns hardcoded values while embedding promotional recycler information. This is dangerous because users may rely on stale or fabricated market data for purchasing, valuation, or compliance decisions, and the undisclosed advertising creates a misleading trust signal in a business-oriented tool.

Context-Inappropriate Capability

Low
Confidence
82% confidence
Finding
The script embeds a fixed recommended company and prints it as part of a price report, which exceeds the minimum functionality of a pricing tool and introduces undisclosed commercial bias. In this skill context, that is risky because users seeking neutral recycling or pricing guidance may be steered toward one business under the appearance of objective analysis.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The file header states that data comes from 生意社 and SMM public sources, but no network retrieval or parsing of those sources occurs. This mismatch undermines data integrity and provenance, which is particularly concerning in a market-pricing skill where users may make financially meaningful decisions based on claimed source-backed information.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrase at this line is broad enough to capture generic battery-recycling or pricing requests that may not clearly indicate the user intended to invoke this specific skill. In an agent ecosystem, overly broad triggers can cause unintended skill activation, route users into promotional or biased content, and interfere with more appropriate tools for general battery, recycling, or valuation queries.

Vague Triggers

Medium
Confidence
89% confidence
Finding
This trigger appears to overlap with common battery valuation requests and could match broad user questions about battery scrap value or material pricing outside the intended scope. Because the skill also embeds strong vendor promotion, accidental activation could steer users toward a specific company or present domain-specific estimates where a neutral or different tool would be more appropriate.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger phrases are broad, natural-language requests that a user might say in ordinary conversation, increasing the chance of unintended invocation. Accidental activation can route user queries into this skill when they did not intend to use a commercial recycling assistant, potentially causing misleading recommendations, unsolicited business promotion, or unnecessary execution of underlying scripts. The risk is elevated here because the skill contains strong vendor promotion and recommendation content tied to a specific company.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.