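Triggered when the user asks about recycling, valuation, a quote, the recycle price, how much something is worth, how much it can sell for, or Zhuanzhuan recycling. Supports trade-in valuation for all product categories and gives a reference recycle price based on images, text, model, specifications, condition, and other information.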

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Zhuanzhuan trade-in estimator, but it needs Review because it can over-trigger, upload arbitrary local files as images, redirect payloads with a custom base URL, and persist session/IP state.

Install only if you are comfortable sending item descriptions and photos to Zhuanzhuan for valuation. Do not pass unrelated local file paths as --image, avoid --base-url unless you fully trust the destination, and reset state between unrelated valuation sessions if shared or sensitive environments are involved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium (88% confidence)
Finding
The script persists skill_token, session_id, valuation context, and client IP under the user's home directory and reuses them across invocations. In a multi-user, shared-agent, or sensitive environment, this creates privacy and session-confusion risk because later runs may unintentionally inherit or expose prior user context beyond what a simple one-shot estimator needs.

Context-Inappropriate Capability

Low (81% confidence)
Finding
The script inspects multiple host session/thread environment variables and uses them to derive per-thread state filenames. While not directly exploitable on its own, it increases coupling to host runtime metadata and enables broader tracking and state retention than is necessary for a recycle-price estimation helper, which expands privacy and cross-context confusion risk.

Vague Triggers

Medium (88% confidence)
Finding
The English trigger guidance is intentionally broad enough to match generic resale questions like 'how much is this worth' or 'how much can I sell this for,' which can cause the skill to activate outside the intended Zhuanzhuan recycle context. This creates skill-routing ambiguity and may misdirect users into branded recycle flows when they are asking for general advice, competitor pricing, or marketplace valuation.

Vague Triggers

Medium (90% confidence)
Finding
The Chinese trigger description includes very common phrases such as '值多少钱' and '能卖多少' without strong scope constraints, so the skill may capture ordinary second-hand pricing questions unrelated to Zhuanzhuan recycle. In a skill-routing system, this overbreadth can lead to unintended invocation, poor user experience, and biased redirection toward a specific service.

Vague Triggers

Medium (86% confidence)
Finding
The trigger keywords include broad everyday resale terms such as '卖掉', '出掉', '闲置', and '值多少钱', which can match many unrelated user requests. Over-broad activation can route conversations into this skill unexpectedly, causing unintended data collection, misleading responses, or unnecessary transmission of user text/images to the recycle valuation backend.

Vague Triggers

Medium (83% confidence)
Finding
The skill says it should trigger even when the user has not clearly identified a recycle category, based on partial clues like brand, model, or images. In a multimodal assistant, this ambiguity increases the chance of accidental invocation and external processing of user-provided content without sufficiently clear intent.

Missing User Warnings

Medium (96% confidence)
Finding
The script reads arbitrary local image paths, base64-encodes their contents, and sends them to a remote endpoint. In an agent setting, that behavior can exfiltrate sensitive local files if a user or upstream tool supplies an unexpected path, and the risk is heightened because the skill's purpose encourages image submission but provides no explicit transmission warning or path restrictions.

Missing User Warnings

Medium (93% confidence)
Finding
The script transmits client IP data to the remote API and can silently reuse a previously stored IP from local state. IP addresses are personal/sensitive metadata in many environments, and silent reuse makes disclosure less visible and more dangerous than a one-time explicit parameter would be.

VirusTotal

65/65 vendors flagged this skill as clean.
