
Security audit

Gaokao Admissions

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Gaokao admissions helper that uses local reference files and optional web lookups, with no evidence of persistence, credential access, destructive behavior, or hidden data handling.

Install only if you are comfortable with admissions-related queries being sent to external education/search sites when live data is used. Treat recommendations as advisory and verify final school, major, and rank data against official provincial exam authority sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill explicitly instructs use of live network access via web_fetch/web_search and a data-grabbing script, yet no declared permissions are present. This creates an authorization and transparency gap: a host or reviewer may not realize the skill can reach external sites, exposing users to unreviewed outbound requests, unstable third-party dependencies, and possible leakage of user-supplied academic/profile data in queries.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 96%
Finding: The documented behavior and the actual skill instructions diverge materially: the skill advertises a full admissions-advising workflow, but the analyzed behavior includes live scraping/search and incomplete use of promised inputs/outputs. This mismatch is dangerous because users may disclose sensitive personal and family information under false expectations, while the system may perform undisclosed external retrieval and provide decisions based on incomplete or different logic than represented.

VirusTotal

65/65 vendors flagged this skill as clean.
