liuyao-xueer

Security checks across malware telemetry and agentic risk

Overview

This is a local divination webpage with an optional user-configured LLM call; it is not hidden or destructive, but users should be careful with API keys and sensitive questions.

Install only if you are comfortable using a local page that can send your question and API key to the LLM endpoint you configure. Keep the default or another trusted provider URL, use a revocable or limited API key, and avoid entering sensitive medical, financial, legal, or deeply personal details unless you accept that they may be processed by that provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill exposes a user-editable API base URL and then sends the user's divination question, derived hexagram data, and API key to that endpoint. This creates an arbitrary exfiltration channel to any host the user enters, which is broader than the declared fortune-telling purpose and materially increases the chance of credential and sensitive-input disclosure.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The page is presented as a divination UI, but its configurable model, custom model option, API base input, and direct chat-completions call make it function as a generic client-side LLM console. That mismatch expands capability beyond the declared skill scope and can mislead users into supplying secrets or sending data to unintended providers.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill advertises sending divination content to external LLM providers but provides no privacy notice, consent guidance, or warning that user-entered questions may be transmitted off-device. This is dangerous because users may input sensitive personal, financial, medical, or relationship information into a fortune-telling workflow without understanding that it will be shared with third-party APIs.

Missing User Warnings

Medium
Confidence: 96%
Finding
The instructions tell users to enter API keys and endpoint information directly into the page without any warning about secret handling, storage, browser exposure, or phishing risk. In a browser-based skill, this can lead users to paste long-lived credentials into untrusted local pages or share screenshots/configs accidentally, resulting in credential theft or unauthorized API usage.

Missing User Warnings

Medium
Confidence: 97%
Finding
The code posts the user's question and bearer API key directly to a configurable external endpoint without a prominent warning or consent flow. Because the endpoint is editable, users can unknowingly transmit both sensitive prompts and credentials to an attacker-controlled server.

VirusTotal

66/66 vendors flagged this skill as clean.