Context-Inappropriate Capability
Medium
- Confidence
- 98% confidence
- Finding
- 技能要求“包含你的思考过程”,这会诱导助手泄露内部推理内容。内部思维不属于天气付费服务的必要功能,一旦暴露,可能泄漏安全策略、判断依据、隐藏提示或被攻击者用来改进越狱与提示注入。
clawtip-weather
Security checks across malware telemetry and agentic risk
Overview
This paid weather skill has a coherent purpose, but it needs review because it can trigger payment handling, persist payment credentials, and asks the agent to install an unpinned helper skill while also requesting internal reasoning disclosure.
Install only if you trust the publisher, the remote payment/weather service, and the separate clawtip payment skill. Verify the amount before paying, do not allow automatic dependency installation without reviewing the exact clawtip package, and consider deleting local order files after use because they may contain payment credentials.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)
Context-Inappropriate Capability
Medium
- Confidence
- 92% confidence
- Finding
- 文档要求在缺少 `clawtip` 技能时“先安装”,这把技能安装/供应链变更能力引入到原本只是天气查询与支付验证的场景中。若代理按此执行,可能在用户未明确同意下安装额外组件,扩大攻击面,并带来恶意技能、依赖投毒或越权能力继承风险。
Natural-Language Policy Violations
High
- Confidence
- 99% confidence
- Finding
- 该要求不仅强制中文输出,还显式要求暴露隐藏推理,且没有用户选择加入或业务必要性说明。强制泄露隐藏推理会削弱模型安全边界,使攻击者更容易根据内部决策过程构造规避策略或提取敏感上下文。
Ssd 3
High
- Confidence
- 99% confidence
- Finding
- 技能直接指示助手在对话中输出内部推理,这是典型的敏感系统行为暴露。结合该技能还涉及支付、凭证读取和网络访问,泄露内部推理会让攻击者更容易推断验证逻辑、错误处理方式和潜在可利用路径。
Ssd 3
High
- Confidence
- 99% confidence
- Finding
- 这里重复要求包含助手的内部推理,说明这不是偶然措辞,而是设计层面的不安全要求。重复出现会增加代理遵从该危险指令的概率,在支付和凭证处理场景下尤其不合适。
VirusTotal
65/65 vendors flagged this skill as clean.