ClawHub

China company search fengniao

Security checks across malware telemetry and agentic risk

Overview

This is a coherent China company lookup skill that sends user-requested business searches to the disclosed Riskbird/Fengniao API, with no hidden persistence, local data harvesting, destructive behavior, or unrelated access found.

Install only if you are comfortable sending company names, person names, entity IDs, and related due-diligence queries to Riskbird/Fengniao. Use a private `FN_API_KEY` only if you trust the skill and provider, and avoid submitting highly confidential target lists unless that external sharing is acceptable for your workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill declares an extremely broad discovery and auto-invocation scope for essentially any China company search or risk-check request. Combined with `auto_invoke: true`, this can cause the agent to route user queries and company identifiers to an external service without sufficiently explicit user intent or consent, increasing the chance of unintended data disclosure and inappropriate tool triggering.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs use of an external commercial API and mentions API-key handling, but it does not provide a prominent user-facing warning that user queries, company names, and potentially sensitive diligence targets will be transmitted to a third-party service. This creates a transparency and privacy risk, especially in compliance, onboarding, and investigative contexts where the queried entity itself may be sensitive.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document explicitly specifies passing the API key via a URL query parameter (`apikey`), which is an insecure pattern because URLs are commonly logged by servers, proxies, browser history, monitoring tools, and referrer headers. In a KYB/compliance skill that may be used in enterprise workflows, this increases the chance of credential leakage and unauthorized access to sensitive company-search data.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The file hardcodes a shared fallback API key and automatically uses it whenever the user has not configured a personal key. This exposes a credential to anyone with access to the skill source, enables unauthorized use of the vendor account, and can cause quota exhaustion, billing abuse, service suspension, or key revocation for all users relying on the shared credential.

Vague Triggers

Medium
Confidence
96% confidence
Finding
Several aliases in this range are generic everyday terms such as supplier-, contract-, interview-, target-company-, and boss-related phrases that can plausibly appear in normal conversation without an explicit intent to invoke this skill. In an agent environment, this increases the chance of unintended activation and automatic retrieval of sensitive corporate due-diligence or legal-risk data, which can cause privacy, compliance, and workflow-integrity issues even if no code execution is involved.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The manifest exposes very broad enterprise-search keywords such as company lookup, subject search, and name matching without any visible activation boundaries, user confirmation requirements, or disambiguation rules. In an agent environment, this can cause over-triggering on ordinary business conversation and lead to unintended retrieval of corporate registry and risk data, creating privacy, compliance, and inappropriate tool-use risks.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal