Pharmaceutical Bidding

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned, but it should be reviewed because it can automatically post business data to WeChat Work and includes helper/debug paths that expose WeCom secrets in output.

Review before installing. Use a test WeChat Work tenant/table first, restrict token permissions, remove or mask secret-printing examples and validation output, confirm exactly what fields will be sent, and enable the scheduler or crontab only after approving the destination and data-handling policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Medium, 98% confidence
Finding
The method is documented and named as if it decrypts Enterprise WeChat callback messages, but it only logs and returns the encrypted input unchanged. This can cause downstream code to incorrectly treat untrusted ciphertext as validated plaintext, leading to logic errors, broken security assumptions, and possible exposure of sensitive callback data.

Missing User Warnings

Medium, 91% confidence
Finding
The README explicitly describes automatically recording collected procurement information into WeCom smart tables but does not mention data classification, transmission safeguards, access controls, or operator consent. Even if the data is business-oriented rather than highly sensitive by default, this creates a real risk of unintended disclosure, overcollection, or unauthorized propagation into third-party enterprise systems, especially when API tokens and automated scheduled execution are involved.

Missing User Warnings

Medium, 89% confidence
Finding
The skill directs automatic collection and recording of externally sourced bidding information into a WeChat Work smart table without any notice, approval step, or data-handling guardrails. Even if the data is business-oriented rather than obviously sensitive, automated export to an external enterprise system can create privacy, compliance, and integrity risks if scraped content contains personal contact data, incorrect information, or restricted procurement details.

Missing User Warnings

Medium, 95% confidence
Finding
The troubleshooting example explicitly logs the Access Token to stdout, which can expose a live credential through terminal history, CI logs, shared consoles, or centralized log aggregation. Even in documentation, showing `console.log('Access Token:', token)` normalizes unsafe handling of secrets and can lead users to copy this pattern into real environments.

Missing User Warnings

Medium, 92% confidence
Finding
The script retrieves an access token using configured credentials and then prints the first 20 characters of that token to stdout. Even partial credential/token disclosure can leak sensitive material into terminal history, CI logs, screenshots, or centralized log collectors, increasing the chance of unauthorized API use.

Missing User Warnings

Medium, 97% confidence
Finding
The script prints the WeCom callback URL, token, and EncodingAESKey directly to stdout after validation succeeds. These values are secrets or sensitive configuration data, and exposing them in terminal output, CI logs, shell history captures, or shared support screenshots can enable unauthorized message forgery, interception setup, or broader compromise of the WeCom integration.

Missing User Warnings

Medium, 97% confidence
Finding
The code logs the callback payload directly via console.log during the supposed decryption path. Callback messages may contain sensitive business data, identifiers, or tokens, and writing them to logs can leak that data to log aggregation systems, operators, or other tenants.

VirusTotal

64/64 vendors flagged this skill as clean.