ClawHub

Qibook Company Profile

Security checks across malware telemetry and agentic risk

Overview

This skill performs a disclosed QiBook company and person lookup using a configured API key, with no hidden persistence or unrelated local access found.

Install only if you intend to send company names, person names, and optional province information to the configured QiBook API. Set QIBOOK_BASE_URL only to the official trusted endpoint, protect QIBOOK_ACCESS_KEY like any API credential, and be aware that casual company or owner/person lookup requests may invoke the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'url' from os.environ.get (line 36, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
url = f"{BASE_URL}/skill/entData/combinedQuery"
    headers = {'access_key': ACCESS_KEY}
    try:
        response = requests.get(url, headers=headers, params=filtered, verify=True, timeout=30)
        return response.json()
    except requests.exceptions.Timeout:
        return {'code': -1, 'msg': '请求超时'}
Confidence
84% confidence
Finding
response = requests.get(url, headers=headers, params=filtered, verify=True, timeout=30)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation guidance is broad enough to trigger on routine requests about a company or a person, including named individuals, without requiring the user to clearly request external data retrieval or person-entity correlation. In context, this increases the chance of over-collection and disclosure of personal/business relationship data beyond what the user expected, especially because the skill can query both companies and individuals and expand into related entities.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill description and usage guidance do not adequately disclose that it can retrieve and correlate information about named individuals, such as companies they are associated with, positions, and investment relationships. That lack of notice is risky because users may invoke the skill casually without understanding that it performs external person-centric profiling and relationship mapping.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script sends user-supplied enterprise or personal identifiers to an external API via call_api(params) without any visible notice, consent flow, or data-minimization control in this file. Because the skill is explicitly used to query companies, bosses, shareholders, executives, and legal representatives, it may transmit personally identifying or commercially sensitive lookup terms to a third-party service unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal