Traditional Chinese Medicine Kg

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs Review because it saves an API key to a local .env file and includes broader remote API-call capability than its stated graph-query purpose requires.

Install only if you trust XiaoBenYang with your API key and graph queries. Before use, consider storing the key outside a project .env file or removing it after use, and avoid submitting sensitive Cypher queries or private data unless the service’s data handling terms are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Severity: Medium (87% confidence)
The documentation references a gaokao/school-search workflow and project structure unrelated to the stated medicine-domain purpose, indicating copy-paste drift or poor provenance control. In security terms, inconsistent documentation increases the risk that reviewers and users misunderstand what backend systems are contacted and what data operations are actually performed.

Description-Behavior Mismatch

Severity: Medium (91% confidence)
This code implements a generic outbound API invocation wrapper that can call arbitrary remote tools by varying `mcp_id`, `tool_name`, and `params`, which exceeds the narrowly stated herbal knowledge-graph purpose. In a skill context, this broad proxy capability increases the attack surface because the skill can transmit user-supplied data to an external service and invoke functionality not clearly constrained to the declared domain.

Context-Inappropriate Capability

Severity: Medium (90% confidence)
The client is designed as a reusable external tool proxy rather than a narrowly scoped integration for TCM knowledge-graph construction. That mismatch matters because an overbroad capability can be repurposed to access unintended remote functions, making abuse or data exfiltration easier if upstream inputs are influenced by users or other components.

Description-Behavior Mismatch

Severity: Medium (81% confidence)
The skill is presented as a traditional-medicine knowledge graph tool, but the code includes configuration for an external MCP endpoint and API credential handling. That semantic mismatch increases supply-chain risk because users may provide secrets or permit networked behavior they would not reasonably expect from the stated purpose.

Context-Inappropriate Capability

Severity: High (93% confidence)
This code can modify the local .env file and persist an API key outside a narrowly justified need for the advertised skill. Persisting credentials to disk expands exposure to local compromise, accidental commits, secret reuse leakage, and abuse by any later code that reads the same file.

Missing User Warnings

Severity: Medium (87% confidence)
The code sends both an API key and arbitrary request parameters to an external endpoint, but there is no visible user-facing disclosure, consent, or minimization in this component. In a skill environment, that creates a privacy and trust risk because potentially sensitive prompts or structured data may be forwarded off-platform without clear restriction or transparency.

Missing User Warnings

Severity: Medium (92% confidence)
The function silently persists the provided API key to .env with no user-facing warning, consent flow, or notice about storage location. This can cause users to disclose secrets under the assumption they are used transiently, leading to unintended long-term credential retention.
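
The two behaviours the findings describe, a generic `mcp_id`/`tool_name`/`params` proxy and an unannounced write of the API key into a project .env, are shown below as an added illustration beside a hardened form that follows the Overview's advice (key kept out of the project .env, calls limited to the declared graph-query scope). This is example code written for this review, not XiaoBenYang's skill code: every name in it (`persist_api_key_unsafe`, `call_remote_tool`, `ALLOWED_TOOLS`, the `TCM_KG_API_KEY` variable, the stub transport) is hypothetical, and nothing touches the network.

```python
"""Added example (not the skill's code): the credential-persistence and
open-proxy patterns the findings describe, beside a hardened form.
All names here are hypothetical; the transport is a stub, no network I/O."""
import os
import tempfile
from pathlib import Path

# ---- Patterns the findings flag (illustrative reconstruction) -------------

def persist_api_key_unsafe(project_dir: Path, api_key: str) -> Path:
    """Appends the key to a project .env with no notice: it outlives the
    session, is readable by any later code, and is one `git add .` from a commit."""
    env_path = project_dir / ".env"
    with env_path.open("a", encoding="utf-8") as f:
        f.write(f"API_KEY={api_key}\n")
    return env_path

def call_remote_tool_unsafe(transport, api_key, mcp_id, tool_name, params):
    """Generic proxy: whatever mcp_id/tool_name/params arrive, from the user or
    from an injected prompt, are forwarded off-host with the key attached."""
    return transport({"mcp_id": mcp_id, "tool_name": tool_name,
                      "params": params, "api_key": api_key})

def demo_unsafe_persistence():
    """Runs the unsafe pattern in a throwaway directory and returns
    (what landed in .env, whether .env was git-ignored there)."""
    with tempfile.TemporaryDirectory() as d:
        project = Path(d)
        path = persist_api_key_unsafe(project, "example-key")
        return path.read_text(encoding="utf-8"), env_file_is_ignored(project)

# ---- Hardened form ---------------------------------------------------------

ALLOWED_TOOLS = {("tcm-kg", "run_cypher")}          # hypothetical allowlist
SENSITIVE_PARAM_KEYS = {"password", "token", "secret", "api_key"}

class ScopeError(ValueError):
    """Raised when a call falls outside the declared knowledge-graph scope."""

def get_api_key(env=None) -> str:
    """Read the key from the process environment only; never write it to disk."""
    env = os.environ if env is None else env
    key = env.get("TCM_KG_API_KEY")
    if not key:
        raise RuntimeError("TCM_KG_API_KEY is not set; export it for this session")
    return key

def env_file_is_ignored(project_dir: Path) -> bool:
    """The check to run before trusting a project .env at all: is it listed
    in .gitignore? (exact-line match; negation patterns are not handled)"""
    gitignore = project_dir / ".gitignore"
    if not gitignore.exists():
        return False
    lines = {ln.strip() for ln in gitignore.read_text(encoding="utf-8").splitlines()}
    return ".env" in lines or "/.env" in lines

def call_remote_tool(transport, api_key, mcp_id, tool_name, params, audit):
    """Proxy restricted to the allowlist, refusing secret-looking parameters,
    and recording what leaves the host (parameter names only, never values)
    so the user can see it."""
    if (mcp_id, tool_name) not in ALLOWED_TOOLS:
        raise ScopeError(f"{mcp_id}/{tool_name} is outside the declared scope")
    leaked = {k for k in params if k.lower() in SENSITIVE_PARAM_KEYS}
    if leaked:
        raise ScopeError(f"refusing to forward secret-looking params: {sorted(leaked)}")
    audit.append(f"outbound {mcp_id}/{tool_name} params={sorted(params)}")
    return transport({"mcp_id": mcp_id, "tool_name": tool_name,
                      "params": params, "api_key": api_key})

def fake_transport(request):
    """Constructed stand-in for the HTTP client; echoes what would be sent."""
    return {"sent": request, "result": []}

if __name__ == "__main__":
    audit = []
    key = get_api_key({"TCM_KG_API_KEY": "example-key"})
    call_remote_tool(fake_transport, key, "tcm-kg", "run_cypher",
                     {"query": "MATCH (h:Herb) RETURN h LIMIT 5"}, audit)
    print(audit)
    try:
        call_remote_tool(fake_transport, key, "other-mcp", "shell_exec",
                         {"cmd": "id"}, audit)
    except ScopeError as e:
        print("blocked:", e)
    print(demo_unsafe_persistence())
```

The allowlist is the important part: once the (server, tool) pair is fixed in code, an injected prompt can at most change the Cypher text, not redirect the key to another endpoint or tool. The audit list is a minimal stand-in for the user-facing disclosure the last two findings say is missing.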

VirusTotal

VirusTotal findings are pending for this skill version.