全国高考志愿填报助手 (National Gaokao College Application Assistant)

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent college-admissions API helper, but users should know it saves the required API key locally in a plaintext .env file.

Install only if you are comfortable sending gaokao query details to the XiaoBenYang API and storing your XBY_APIKEY in a local .env file. Keep that file out of shared folders and version control, and rotate the key if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The code adds credential persistence functionality by writing an API key to a local .env file and mirroring it into the process environment, which is broader than what a college-admissions helper needs for simple querying. This increases exposure of the secret to local users, logs, backups, accidental source inclusion, and any other code running in the same process.

Intent-Code Divergence

Low
Confidence: 85%
Finding
The configuration is inconsistent: the settings model is configured with the XBY_GAOKAO_ prefix, but the manual loader reads XBY_APIKEY directly from .env and os.environ. This mismatch can cause operators to believe one variable controls authentication while another is actually used, leading to misconfiguration, secret leakage into the wrong namespace, or accidental use of stale credentials.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill instructs the agent to collect an API key from the user and save it locally via `scripts.config.set_api_key(api_key)` without warning that the credential will be stored on disk. Storing user secrets without explicit notice and consent increases the risk of credential leakage through local filesystem exposure, logs, backups, or later unintended reuse.

Missing User Warnings

Medium
Confidence: 91%
Finding
The function silently persists the supplied API key into .env without any user-facing disclosure or confirmation. Secret storage without notice is risky because users may assume the key is transient while it actually remains on disk and may later be exposed through backups, repo commits, or local file access.

VirusTotal

57/57 vendors flagged this skill as clean.