ClawHub

UnionPay

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only UnionPay skill, but it reaches into sensitive financial account and investment areas without clear scope or controls.

Review before installing. Use it only as general UnionPay guidance unless the publisher narrows the scope and documents explicit consent, data sources, and limits. Do not provide credentials, full statements, tax records, or payment details to an agent through this skill, and verify transfers or financial information in the official UnionPay/云闪付 app.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill metadata says it provides UnionPay QR payment, transfers, and bank-card offers, but the body expands into investment products, P&L, holdings analysis, tax details, and asset-allocation guidance. This scope drift can cause the agent to handle highly sensitive financial and investment topics outside the declared purpose, increasing the chance of unsafe financial advice, over-collection of sensitive data, and accidental invocation in contexts the user did not intend.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The example trigger phrases are generic placeholders like '如何快速使用 云闪付 处理 [具体场景任务]?' and '核心功能/最新玩法/优惠信息', which are broad enough to match many unrelated requests. Overbroad activation criteria can route users into this skill when they did not ask for financial operations, creating a risk of inappropriate tool use, confusing responses, or unintended exposure of payment and account-related functionality.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal