Yunxiao Work Item Management (云效工作项管理)

Security checks across malware telemetry and agentic risk

Overview

This Yunxiao project-management skill appears coherent, but it needs review because it can use a stored access token to read and modify project data under broad triggers.

Install only if you are comfortable giving the skill access to your Yunxiao workspace. Use a least-privilege token, keep config.json out of source control, rotate the token if exposed, and require explicit confirmation before any create or update action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill instructs the agent to run local Python scripts and call external Yunxiao APIs, which clearly implies file-read and network capabilities, yet no explicit permissions are declared in the skill metadata. Undeclared capabilities weaken policy enforcement and user awareness, making it easier for a broadly triggered skill to access local paths and send data to remote services without transparent authorization boundaries.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README instructs users to store a personal access token directly in `config.json` but provides no warning about protecting that file, excluding it from version control, or using a safer secret storage mechanism. In a skill that automates API operations against a real project-management platform, accidental disclosure of that token could let an attacker read or modify work items across the user's organization.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The activation text uses broad phrases such as '任务管理' (task management) and '项目管理' (project management), which can match many ordinary conversations unrelated to this specific Yunxiao integration. In this skill's context, accidental activation is more dangerous because the skill can query projects and create or update work items over the network, potentially causing unintended data access or state-changing actions in a real DevOps environment.

VirusTotal

58/58 vendors flagged this skill as clean.
