ai-zidong-tibug

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent ZenTao bug-ticket helper, but it defaults to using credentials to create real external tickets and store a reusable token locally.

Install only if you intentionally want the agent to log in to ZenTao and create real defect tickets. Set ZENTAO_URL explicitly, use a least-privileged account, review product/module/assignee/attachments before submission, prefer --dry-run first, and protect or delete the saved token file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium (84% confidence)
Finding
The trigger phrases are broad enough that ordinary requests such as organizing review notes or writing bug titles could invoke a skill that defaults to external login and ticket creation. In this context, overbroad invocation is dangerous because accidental activation can lead to credential use and unintended bug submissions in a production tracking system.

Missing User Warnings

High (97% confidence)
Finding
The skill defaults to automatically logging into ZenTao and creating tickets unless the user explicitly opts out, yet it does not present a prominent warning that credentials will be used and external records will be created or modified. Default-on external side effects are particularly risky here because the skill also stores auth state locally and may upload attachments, making accidental data disclosure and unauthorized workflow changes more likely.

Missing User Warnings

Medium (94% confidence)
Finding
The template explicitly instructs operators to populate credential-bearing environment variables and run login/submission scripts that authenticate to ZenTao and perform external state-changing actions, but it provides no consent gate, warning, scope limitation, or secret-handling guidance. In this skill's context, the danger is increased because the advertised behavior includes automatic login and automatic bug submission, so a user may be pushed from content formatting into unattended credential use and mass ticket creation with real account privileges.

Missing User Warnings

Medium (91% confidence)
Finding
The script persists a live ZenTao API token to a local JSON state file, which can expose authentication material to other local users, backup systems, logs, or accidentally committed workspace files. In this skill’s context, the script performs automatic bug submission against a real project-management system, so token leakage could enable unauthorized access or ticket manipulation until the token expires or is revoked.

VirusTotal

60/60 vendors flagged this skill as clean.
