Ouyi API Tool

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed wrapper for sending prompts to the Ouyi chat API, but users should treat it as an external-service integration rather than a local-only skill.

Install only if you are comfortable sending selected prompts to the Ouyi API provider. Invoke it explicitly for Ouyi use, avoid confidential, personal, credential, or regulated data, and prefer setting OUYI_API_KEY in the environment instead of editing the script to store a key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium, 88% confidence
The trigger description is overly broad, covering generic requests about AI reasoning, investing, gold, and technical questions. Such ambiguity can cause the skill to activate in many unrelated contexts and route sensitive user prompts to an external API unexpectedly, increasing the chance of unintended data exposure.

Missing User Warnings

Medium, 95% confidence
The documentation tells the operator to run a script and return results but does not warn that user prompts are transmitted to a third-party endpoint. Without clear disclosure, sensitive or regulated data may be sent off-platform without informed user consent, which is a real privacy and compliance risk.

Vague Triggers

Medium, 84% confidence
The activation criteria are broad enough to trigger on generic requests like investment or technical analysis, which can cause the skill to be invoked when the user did not explicitly choose this third-party provider. In this skill's context, overbroad routing increases the chance that ordinary user prompts are unnecessarily sent to an external API, creating avoidable privacy and policy risk.

Missing User Warnings

Medium, 92% confidence
The skill instructs direct transmission of user prompts to a third-party endpoint but does not warn that the content leaves the local system. That omission is dangerous because users may provide sensitive financial, technical, or personal data without informed consent, and the skill's workflow explicitly routes content to an external API.

Missing User Warnings

Medium, 95% confidence
Telling users to paste their API key directly into the script encourages insecure credential handling, which can lead to accidental commits, local leakage, or reuse of secrets in unsafe ways. Hardcoded secrets are especially risky in shared environments and skill repositories because they are easy to expose and hard to rotate safely.

Vague Triggers

Medium, 89% confidence
The skill’s activation criteria are very broad, covering generic requests such as AI reasoning, investment, gold, and technical questions. In an agent system, this can cause the skill to trigger for many ordinary prompts and unnecessarily route user data to this skill’s external API workflow, increasing privacy and prompt-routing risk.

Missing User Warnings

Medium, 97% confidence
The documentation explicitly instructs the agent to run a local script that sends user prompts to a third-party endpoint, but it does not require a user-facing disclosure or consent step before transmitting potentially sensitive content. This creates a real data-handling vulnerability because normal user requests may be exfiltrated outside the local environment without informed approval.

Missing User Warnings

Medium, 95% confidence
The script sends raw user-supplied prompts and an API bearer credential to a third-party service without any built-in user disclosure, consent, or minimization. In an agent skill context, users may reasonably believe analysis happens locally, so this can expose sensitive prompts, investment data, or technical material to an external provider without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal