job-status

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but users should know it queries an external job-status API over plain HTTP and may show detailed job metadata.

Install only if you are comfortable sending job IDs to www.aicnic.cn over plain HTTP. Do not use it for confidential workloads unless the job IDs and returned metadata are safe to expose, and review the installer before running it because it can install an unpinned dependency and replace an existing local skill directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation declares no permissions, yet the implementation clearly implies outbound network access and likely shell/tool execution to perform the HTTP request. This mismatch is dangerous because users and policy engines may trust the skill as lower-risk than it actually is, reducing transparency and weakening permission-based controls.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill manifest says it fetches and parses jobState, but the implementation returns a much broader set of job metadata, including command, workDir, userId, resource allocation, and timing information. This is a real data-minimization and overexposure issue: callers expecting only status may unintentionally receive sensitive operational or user-associated details that can leak workload characteristics or filesystem paths.

Intent-Code Divergence

Low
Confidence
84% confidence
Finding
The comment explicitly notes that declared input restrictions for jobId are not enforced by the implementation, and the test confirms arbitrary strings are accepted. This mismatch can undermine assumptions made by callers, validators, or downstream systems and may become a security issue if jobId is later used in URLs, logs, queries, or other sensitive sinks without strict validation.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README clearly documents sending job IDs to an external host and encourages repeated polling, verbose output, direct curl testing, and logging, but it does not prominently warn that operational metadata is transmitted to a third-party remote service. In an HPC/AI environment, job IDs, status, timestamps, and related details can reveal sensitive workload activity, making this a real information exposure and privacy risk even though it appears unintentional.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends user-supplied job IDs and associated request metadata to an external endpoint over plain HTTP without clearly warning the user in the description. This creates a privacy and integrity risk because job identifiers may be sensitive operational metadata, and HTTP allows interception or tampering in transit.

Missing User Warnings

Low
Confidence
82% confidence
Finding
Documenting that the skill writes logs to disk without warning about possible persistence of job IDs, timestamps, errors, and operational metadata can lead to inadvertent information disclosure. In an HPC/AI environment, even seemingly routine job-query activity may reveal sensitive workload patterns or identifiers if logs are stored insecurely or retained too long.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The installer copies the skill directory into the user's OpenClaw skills path even when the destination already exists, without asking for explicit confirmation before replacing it. Although it creates a backup first, this still changes the active installed skill automatically and could overwrite local modifications or replace a trusted version with an unreviewed one.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The base URL uses plain HTTP, so the user-supplied job ID and the full server response travel without transport encryption and can be intercepted or modified by an on-path attacker. In this skill's context, the response may include sensitive job metadata, so insecure transport increases the risk of information disclosure and tampering beyond the job ID alone.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script hardcodes an HTTP endpoint (`http://www.aicnic.cn/...`) and sends job queries without transport encryption. This allows attackers on the network path to observe queried job IDs and tamper with API responses, potentially causing false job-status reporting or exposing operational metadata. In an HPC/AI job monitoring context, this is more dangerous because job identifiers and status data may reveal sensitive workload activity and could mislead automation or users about job progress.

VirusTotal

64/64 vendors flagged this skill as clean.
