ClawHub

奇门遁甲排盘系统

Security checks across malware telemetry and agentic risk

Overview

This is a local fortune-charting skill with an extra browser UI that has CDN supply-chain/privacy caveats but no evidence of hidden data access, persistence, exfiltration, or destructive behavior.

Use the documented Node command for local-only behavior. Only open the HTML interface if you are comfortable with it loading third-party browser libraries and a Google font from the network; prefer a bundled/offline version if that matters to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The implementation materially diverges from the declared skill behavior: instead of a command-line/local chart-output tool, it is a browser application that depends on remotely loaded frontend frameworks. This mismatch expands the attack surface and can mislead reviewers or users about what code executes and what network access is required.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The page loads executable JavaScript from multiple third-party CDNs at runtime, which means the skill's behavior can change without review if any dependency or CDN is compromised. For a divination/charting skill that could operate locally, this is an unnecessary supply-chain and remote code execution risk in the client context.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Loading third-party scripts without clear user disclosure hides the fact that external parties can execute code in the page and receive requests/metadata such as IP address, user agent, and referrer. This undermines informed consent and makes review harder, especially when the stated skill purpose does not imply external connectivity.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal