cnsdoce

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed construction cost-estimating helper; the main caution is that its optional/default semantic matching can send work descriptions to Tencent or Doubao LLM APIs.

Install if you are comfortable with a construction-estimating skill that may call Tencent Hunyuan or Doubao for semantic matching. For confidential bids, customer names, infrastructure details, or strict audit requirements, use the local SQLite/search workflow, avoid cloud LLM matching, and verify that outputs cite the local quota database before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 82%
Finding: The documentation instructs creation and execution of ad-hoc PowerShell/Python files, including absolute-path execution patterns outside the core estimating workflow. Encouraging arbitrary script creation increases the chance of command injection, unsafe file writes, and execution of attacker-influenced content if any part of the query or path is derived from untrusted input.

Intent-Code Divergence

Severity: Medium
Confidence: 76%
Finding: The skill claims a strict 'unique-source' authoritative mode, yet other sections still describe LLM-driven inference as part of the workflow. This inconsistency can cause users to rely on supposedly authoritative outputs that may actually include non-authoritative model-generated content, undermining data integrity and traceability.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The script sends user work descriptions to external LLM services by default, while the skill description emphasizes local/strict data-source behavior for quota lookup and pricing. That mismatch can cause unintended disclosure of potentially sensitive construction, pricing, or project details to third-party providers without a clear trust boundary or user expectation.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding: The function claims to generate a Tencent signature-v3 temporary token, but actually returns a raw 'secret_id:secret_key' string. This misleading implementation can cause long-lived cloud credentials to be handled or transmitted in an unsafe format, increasing the chance of credential exposure, misuse, or incorrect authentication assumptions by maintainers.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The code transmits user-supplied work descriptions to external LLM APIs without an explicit warning or consent step. In this domain, descriptions may contain sensitive project, pricing, infrastructure, or customer information, so silent transmission creates a real confidentiality and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.