luban-skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Luban game-configuration editor, but it exposes broad file-mutation authority and a raw shell-backed generation command that should be reviewed before installation.

Install only if you specifically need AI-assisted Luban game-configuration editing. Keep --data-dir limited to the intended project, require explicit previews before writes/deletes/imports/batch operations, avoid --force unless backed up, and do not use --luban-cmd with untrusted or natural-language-derived input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
print("-" * 50)
        
        try:
            result = subprocess.run(
                cmd,
                shell=True,
                cwd=str(luban_cli_path.parent) if luban_cli_path.exists() else ".",
Confidence
99% confidence
Finding
result = subprocess.run( cmd, shell=True, cwd=str(luban_cli_path.parent) if luban_cli_path.exists() else ".", capture_output

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This feature exposes direct shell execution through the Luban generation command path and accepts a free-form luban_cmd string, effectively turning the skill into a command runner. Because this skill is meant for AI-assisted use, a prompt-influenced or malicious user request could cause the agent to execute arbitrary OS commands under the agent's privileges.

Vague Triggers

High
Confidence
97% confidence
Finding
The trigger instructions are extremely broad and mandatory, covering common words like Excel表, 字段, 数据表, 修改配置, and even any game configuration editing request. This creates an unsafe over-invocation condition where the skill may be selected for many loosely related conversations, increasing the chance of unintended file modification or shell-backed operations in contexts where the user did not explicitly request this specific tooling.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The cache design explicitly stores full table contents in local JSON files under .luban_cache and says this is handled transparently, but it provides no retention, access-control, redaction, or privacy guidance. If the configuration tables contain proprietary game data, unreleased content, secrets, or personal data, local persistence can expose sensitive information to other users/processes or leave recoverable artifacts on disk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code permits shell execution from user-supplied command text without any explicit safety boundary, warning, or validation, which increases the likelihood that an operator or agent will invoke it unsafely. In this context the absence of guardrails materially contributes to arbitrary command execution risk rather than being a mere UX issue.

VirusTotal

64/64 vendors flagged this skill as clean.
