Cn Express Tracker

Security checks across malware telemetry and agentic risk

Overview

This package-tracking skill does what its description says and discloses its purpose, but every lookup sends shipment identifiers to Kuaidi100 and authenticates with the user's own Kuaidi100 credentials.

Install it only if you are comfortable sending tracking numbers, carrier codes, and your Kuaidi100 customer identifier and request signature to Kuaidi100. Use a dedicated API key where possible, monitor quota and billing for unexpected use, and avoid storing the credentials in shell startup files on shared machines, where other accounts or processes may be able to read them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to execute shell commands (`scripts/track.sh`) but does not declare corresponding permissions. This creates a trust and review gap: users and platform policy may not realize the skill can run local commands and make network requests, increasing the chance of unintended execution or abuse if the script is modified or invoked with unsafe inputs.

Vague Triggers

Severity
Medium
Confidence
77% confidence
Finding
The trigger description is broad enough to match common phrases about packages or delivery status, which can cause the skill to activate in contexts the user did not intend. Unintended invocation is risky here because the skill may process tracking numbers and send them to a third-party API, exposing potentially sensitive shipment metadata.

Missing User Warnings

Severity
Medium
Confidence
95% confidence
Finding
The skill description does not clearly warn users that tracking numbers and related query data are sent to Kuaidi100, a third-party service. Tracking numbers can reveal shipment activity and possibly correlate to personal purchases or addresses, so failing to disclose external sharing undermines informed consent and privacy expectations.

Missing User Warnings

Severity
Medium
Confidence
89% confidence
Finding
The script sends the tracking number and customer account identifier to Kuaidi100 over the network but does not disclose this data-sharing behavior in its usage/help text. In a package-tracking skill, this transmission is functionally necessary, but the lack of an explicit privacy notice can mislead operators about what identifiers are being disclosed to a third party.
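One way to reproduce the checks behind the first finding (a script the skill runs but never declares) and this one (which identifiers the script sends, and to whom), as an added example that is not SkillSpector's code and not part of the Cn Express Tracker skill: a small static audit that reads an assumed `capabilities:` list from the skill's front matter and scans the bundled shell script for shell invocation, outbound hosts and environment variables read. The sample SKILL.md and track.sh contents, the `capabilities` key, the poll.kuaidi100.com host and the KUAIDI100_* variable names are all constructed assumptions for this example.

```python
"""Static capability audit for an agent skill bundle (added example).

Reports every capability the script exhibits that the front matter does
not declare, plus the hosts contacted and the environment variables read,
which together describe what leaves the machine on each lookup.
"""
import re
from dataclasses import dataclass, field

# Constructed sample front matter: the skill names a script but declares
# no capabilities, which is the gap the first finding describes.
SKILL_MD = """---
name: cn-express-tracker
description: Track parcels sent with Chinese express carriers.
capabilities: []
---
Run `scripts/track.sh <carrier-code> <tracking-number>` and summarise the result.
"""

# Constructed sample script standing in for scripts/track.sh. The API host
# and the credential variable names are assumptions for this example.
TRACK_SH = r"""#!/usr/bin/env bash
set -euo pipefail
com="$1"; num="$2"
param="{\"com\":\"$com\",\"num\":\"$num\"}"
curl -s -X POST "https://poll.kuaidi100.com/poll/query.do" \
  --data-urlencode "customer=${KUAIDI100_CUSTOMER}" \
  --data-urlencode "sign=$KUAIDI100_SIGN" \
  --data-urlencode "param=$param"
"""

FRONT_MATTER_RE = re.compile(r"\A---\n(.*?)\n---\n", re.S)
CAPS_RE = re.compile(r"^capabilities:\s*\[(.*?)\]\s*$", re.M)
SCRIPT_REF_RE = re.compile(r"\b[\w./-]+\.sh\b")
NET_TOOL_RE = re.compile(r"^\s*(?:curl|wget)\b", re.M)
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
# Upper-case $NAME / ${NAME} reads are treated as environment lookups;
# lower-case names are assumed to be the script's own locals.
ENV_RE = re.compile(r"\$\{?([A-Z][A-Z0-9_]*)\}?")


@dataclass
class AuditReport:
    declared: set[str]
    observed: set[str]
    scripts: set[str] = field(default_factory=set)
    hosts: set[str] = field(default_factory=set)
    env_vars: set[str] = field(default_factory=set)

    @property
    def undeclared(self) -> list[str]:
        """Capabilities seen in the script but absent from the front matter."""
        return sorted(self.observed - self.declared)


def declared_capabilities(skill_md: str) -> set[str]:
    """Read the assumed `capabilities: [...]` list from the front matter."""
    fm = FRONT_MATTER_RE.match(skill_md)
    if not fm:
        return set()
    caps = CAPS_RE.search(fm.group(1))
    if not caps:
        return set()
    return {c.strip().strip("'\"") for c in caps.group(1).split(",") if c.strip()}


def audit(skill_md: str, script: str) -> AuditReport:
    """Compare what the bundle declares with what its script can do."""
    report = AuditReport(declared=declared_capabilities(skill_md), observed=set())
    report.scripts = set(SCRIPT_REF_RE.findall(skill_md))
    if report.scripts:
        report.observed.add("shell")
    if NET_TOOL_RE.search(script):
        report.observed.add("network")
    report.hosts = set(HOST_RE.findall(script))
    # Values read from the agent's environment end up in the request body,
    # so any such read counts as credential access to a third party.
    report.env_vars = set(ENV_RE.findall(script))
    if report.env_vars:
        report.observed.add("env")
    return report


if __name__ == "__main__":
    r = audit(SKILL_MD, TRACK_SH)
    print("undeclared capabilities:", r.undeclared)
    print("hosts contacted:", sorted(r.hosts))
    print("environment read:", sorted(r.env_vars))
```

On the constructed sample the audit reports `shell`, `network` and `env` as undeclared, one host (poll.kuaidi100.com) and two credential variables, which is the information a reviewer needs to decide whether the skill's description discloses enough. Adding those three entries to the `capabilities` list clears the undeclared set without changing what the script does, which is why the declaration is a review aid rather than a control.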

VirusTotal

66/66 vendors flagged this skill as clean.
