Personal Injury Compensation Calculation (人身损害赔偿计算)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed personal-injury compensation calculator that only reads its bundled reference files and writes user-requested result files.

Install only if you are comfortable running a local calculator for sensitive injury-compensation cases. Avoid saving outputs in shared or cloud-synced folders unless intended, and review any exported Markdown, JSON, or XLSX files as confidential legal/medical records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill instructs the agent to read local reference files and write output files such as Markdown, JSON, and XLSX, but the metadata does not declare corresponding permissions. Undeclared file read/write capability weakens least-privilege enforcement and can lead to unexpected access to local data or unintended file creation if the runtime trusts the manifest for policy decisions.

Missing User Warnings

Medium
Confidence: 86%
Finding: The script can write calculation output containing personal injury, medical, dependency, and compensation details directly to disk via --output without any explicit warning, confirmation, or privacy guardrail. In legal/medical contexts, silent local persistence increases the risk of unintended disclosure through shared machines, synced folders, backups, or improper file handling.

Missing User Warnings

Medium
Confidence: 90%
Finding: The XLSX export writes structured compensation details, notes, and legal-basis context to disk, which may include sensitive personal/legal information and is easy to redistribute or leave behind unintentionally. Spreadsheet files are especially likely to persist in user directories, cloud sync services, or email attachments, increasing confidentiality risk if users are not clearly warned.

VirusTotal

VirusTotal findings are pending for this skill version.