高考志愿 (Gaokao Admissions Advice)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed admissions-advice API wrapper. Its main risks are the expected ones for that design: it stores a provider credential (an API key written to a local .env file) and it sends exam-related inputs to the provider API.

Install only if you are comfortable using the Xiaobenyang service, storing its API key in a local .env file, and sending Gaokao scores, province, school, major, and preference inputs to mcp.xiaobenyang.com. Use a dedicated API key, keep the .env file readable only by your own account, and avoid committing or sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
This code adds persistent credential storage functionality by writing an API key into a local .env file, which is broader than what a gaokao recommendation skill intrinsically needs and creates unnecessary secret-handling risk. Persisting secrets to local project state can expose them through accidental file inclusion, weak filesystem permissions, backups, or later reuse by unrelated code.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The function silently persists a provided API key to .env without any user-facing notice, confirmation, or disclosure that the secret will remain on disk. This increases the chance that users unknowingly store credentials in an insecure location and later leak them through source control, support bundles, backups, or shared environments.
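The two findings above (persisting the key to local project state, and doing so without telling the user) are contrasted below with a guarded version. This is an added example, not code from the skill: the silent write is reproduced as the findings describe it, and the guarded variant requires explicit opt-in, refuses to write unless .env is listed in .gitignore, creates the file owner-readable only (mode 0600), and returns a notice saying where the secret now lives. The variable name XIAOBENYANG_API_KEY and all function names are assumptions; the page does not show the skill's own identifiers.

```python
"""Guarded persistence of a provider API key to a local .env file.

Added example, not code from the skill. The variable name KEY_NAME and every
function name here are assumptions.
"""
import os
import stat
import tempfile
from pathlib import Path

KEY_NAME = "XIAOBENYANG_API_KEY"  # assumed name; the skill's real variable is not on the page


def persist_key_silently(env_path: Path, api_key: str) -> None:
    """The pattern the findings describe: no notice, default (umask-dependent) file mode."""
    with open(env_path, "a", encoding="utf-8") as fh:
        fh.write(f"{KEY_NAME}={api_key}\n")


def gitignore_covers(project_dir: Path, filename: str = ".env") -> bool:
    """True if .gitignore lists the file by exact name (no glob evaluation)."""
    gitignore = project_dir / ".gitignore"
    if not gitignore.is_file():
        return False
    patterns = {ln.strip() for ln in gitignore.read_text(encoding="utf-8").splitlines()}
    return filename in patterns or f"/{filename}" in patterns


def persist_key_guarded(project_dir: Path, api_key: str, *, user_confirmed: bool) -> str:
    """Store the key only with explicit consent and a .gitignore entry; return a notice."""
    if not user_confirmed:
        raise PermissionError("API key not stored: persistence requires explicit confirmation")
    if not gitignore_covers(project_dir):
        raise PermissionError(".env is not in .gitignore; refusing to write a secret there")
    env_path = project_dir / ".env"
    # Create (or append to) the file with owner-only permissions, then chmod so a
    # pre-existing world-readable .env is tightened as well.
    fd = os.open(env_path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    with os.fdopen(fd, "a", encoding="utf-8") as fh:
        fh.write(f"{KEY_NAME}={api_key}\n")
    os.chmod(env_path, stat.S_IRUSR | stat.S_IWUSR)
    return f"Stored {KEY_NAME} in {env_path} (mode 0600). Do not commit or share this file."


def file_mode(path: Path) -> int:
    """Permission bits of a file, e.g. 0o600."""
    return stat.S_IMODE(path.stat().st_mode)


def demo() -> dict:
    """Run both paths in a scratch project directory and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp)
        api_key = "sk-CONSTRUCTED-EXAMPLE"  # constructed value, not a real credential
        # Silent path: the write succeeds and the user is never told.
        persist_key_silently(project / ".env.silent", api_key)
        results["silent_wrote"] = (project / ".env.silent").is_file()
        # Guarded path: refused without consent, refused without .gitignore coverage.
        try:
            persist_key_guarded(project, api_key, user_confirmed=False)
        except PermissionError:
            results["refused_without_consent"] = True
        try:
            persist_key_guarded(project, api_key, user_confirmed=True)
        except PermissionError:
            results["refused_without_gitignore"] = True
        (project / ".gitignore").write_text(".env\n", encoding="utf-8")
        results["notice"] = persist_key_guarded(project, api_key, user_confirmed=True)
        results["mode"] = file_mode(project / ".env")
        results["contains_key"] = KEY_NAME in (project / ".env").read_text(encoding="utf-8")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The .gitignore check is deliberately literal (exact line match only); a real skill could shell out to `git check-ignore` instead. The point is that a secret should not be written to project state unless the caller has opted in and the file is already excluded from source control.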

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This file repeatedly forwards user-supplied student and profile-related data such as score, province, school preferences, and major interests to an external API via call_api, but there is no visible disclosure, consent flow, minimization, or privacy guard in this code. In an education guidance skill, these data points can be sensitive personal/academic information, so silent third-party transmission creates a real privacy and compliance risk even if the feature is functionally expected.
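An egress guard of the kind the finding above says is missing, as an added example rather than the skill's own call_api. Before any request leaves the process it requires a recorded consent decision, keeps only the fields on an explicit allowlist, refuses a destination whose host is not the provider disclosed in the overview, and returns an audit record of what was sent. The host mcp.xiaobenyang.com and the five field names come from the overview; the exact field spelling, the extra fields in the sample profile, the request path, and the transport stub are assumptions.

```python
"""Egress guard for the profile fields the skill forwards to its provider.

Added example, not the skill's own call_api. The host and field names are
taken from the page's overview; everything else is an assumption.
"""
from urllib.parse import urlsplit

DISCLOSED_HOST = "mcp.xiaobenyang.com"  # from the overview
# Fields the overview says the skill needs; everything else is dropped before sending.
ALLOWED_FIELDS = frozenset({"score", "province", "school", "major", "preference"})


class EgressBlocked(Exception):
    """Raised when a request would violate the disclosure."""


def minimize(profile: dict) -> tuple[dict, list[str]]:
    """Keep only allowlisted, non-empty fields; report which names were dropped."""
    sent = {k: v for k, v in profile.items() if k in ALLOWED_FIELDS and v is not None}
    dropped = sorted(k for k in profile if k not in ALLOWED_FIELDS)
    return sent, dropped


def check_destination(url: str) -> str:
    """Allow only HTTPS to the disclosed host; return the normalized host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise EgressBlocked(f"refusing non-HTTPS destination: {url}")
    if host != DISCLOSED_HOST:
        raise EgressBlocked(f"host {host!r} is not the disclosed provider {DISCLOSED_HOST}")
    return host


def guarded_call_api(url: str, profile: dict, *, consent_recorded: bool, transport) -> dict:
    """Gate on consent, minimize, pin the destination, then hand the payload to `transport`."""
    if not consent_recorded:
        raise EgressBlocked("no recorded user consent for sending profile data")
    host = check_destination(url)
    payload, dropped = minimize(profile)
    transport(url, payload)  # in a real skill this would be the HTTP client call
    return {"host": host, "fields_sent": sorted(payload), "fields_dropped": dropped}


def demo() -> dict:
    """Constructed profile with two fields the skill has no reason to send."""
    calls = []

    def recording_transport(url, payload):  # stand-in for the network call
        calls.append((url, payload))

    profile = {  # constructed sample input
        "score": 612, "province": "Zhejiang", "major": "computer science",
        "preference": "local", "school": None,
        "id_number": "CONSTRUCTED", "phone": "CONSTRUCTED",  # must never leave the process
    }
    good_url = f"https://{DISCLOSED_HOST}/recommend"  # path is an assumption
    results = {"ok": guarded_call_api(good_url, profile, consent_recorded=True,
                                      transport=recording_transport)}
    for label, url, consent in [
        ("no_consent", good_url, False),
        ("wrong_host", "https://collector.example/recommend", True),
        ("plain_http", f"http://{DISCLOSED_HOST}/recommend", True),
    ]:
        try:
            guarded_call_api(url, profile, consent_recorded=consent, transport=recording_transport)
            results[label] = "sent"
        except EgressBlocked as exc:
            results[label] = f"blocked: {exc}"
    results["transport_calls"] = len(calls)
    results["leaked_sensitive"] = any("id_number" in p or "phone" in p for _, p in calls)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Pinning the destination host in code is what lets a reviewer confirm that the skill's actual egress matches its disclosure; the audit record returned by the guard is what a user-facing notice or log line would be built from.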

Unpinned Dependencies (4 findings)

Low
Category
Supply Chain
Content
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
Finding
requests>=2.31.0 (97% confidence): lower bound only, with no exact version or hash pin, so a fresh install accepts any newer release without review.
pydantic>=2.7.0 (97% confidence): lower bound only, as above.
pydantic-settings>=2.2.0 (95% confidence): lower bound only, as above.
python-dotenv>=1.0.1 (96% confidence): lower bound only, as above.
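A stdlib-only check for the specifier pattern these four findings flag, as an added example that is not part of the skill or the scanner. It classifies each requirement line as exact-pinned (==), hash-pinned (a --hash option, which `pip install --require-hashes` verifies against the downloaded artifact), or a floating range such as the lower bounds quoted above. The sample input is the page's own four lines plus two constructed pinned lines; the hash value in the constructed sample is a placeholder, not a real digest.

```python
"""Classify requirement specifiers as pinned or floating.

Added example, not part of the skill or of SkillSpector. Parses the
requirements.txt lines quoted in the report with no third-party dependency.
"""
import re

PAGE_REQUIREMENTS = """\
requests>=2.31.0
pydantic>=2.7.0
pydantic-settings>=2.2.0
python-dotenv>=1.0.1
"""

# Constructed illustration of the pinned forms; the hash is a placeholder, not a real digest.
CONSTRUCTED_PINNED = """\
requests==2.31.0
pydantic==2.7.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

_NAME_SPEC = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?(.*)$")


def classify(line: str):
    """Return (name, specifier, status) for one requirement line, or None to skip it."""
    line = line.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
    if not line or line.startswith("-"):  # blank line or a pip option such as -r / --index-url
        return None
    req, *options = line.split()
    match = _NAME_SPEC.match(req)
    if not match:
        return None
    name, spec = match.group(1), match.group(2).strip()
    if any(opt.startswith("--hash=") for opt in options):
        status = "hash-pinned"  # pip verifies the artifact digest under --require-hashes
    elif spec.startswith("==") and not spec.startswith("===") and "*" not in spec and "," not in spec:
        status = "exact"  # one version, but the artifact bytes are still unverified
    elif spec == "":
        status = "unpinned (any version)"
    else:
        status = "unpinned (range)"  # >=, ~=, <, wildcard or compound specifier
    return name, spec, status


def audit(text: str) -> list[tuple[str, str, str]]:
    """Classify every requirement line in `text`."""
    return [c for c in (classify(ln) for ln in text.splitlines()) if c is not None]


def floating(text: str) -> list[str]:
    """Names whose specifier lets the resolver choose among several versions."""
    return [name for name, _, status in audit(text) if status.startswith("unpinned")]


if __name__ == "__main__":
    for name, spec, status in audit(PAGE_REQUIREMENTS + CONSTRUCTED_PINNED):
        print(f"{name:20s} {spec:12s} {status}")
```

Run against the report's four lines, every entry comes back as a floating range; the two constructed lines show what an exact pin and a hash pin look like by comparison.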

VirusTotal

65/65 vendors flagged this skill as clean. This means no vendor matched it to known malware; it does not address the credential-handling, data-transmission, or dependency-pinning findings above, which are design issues rather than malicious code.
