DianPing-Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Dianping lookup skill, but it stores and can display live Dianping session cookies, so users should review it carefully before installing.

Install only if you are comfortable giving this skill Dianping session cookies. Treat ~/.dianping/cookies.json and any terminal output from --set-cookies, --renew, or --export as sensitive account material; avoid using --export, avoid sharing logs/screenshots, and delete the cookie file when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill exposes filesystem, network, and shell capabilities while declaring no permissions, which creates a transparency and policy-enforcement gap. In this context, the capabilities are plausibly needed for curl-based API access and cookie storage, but undeclared access makes it easier for a skill to perform side effects users and hosting platforms are not expecting.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 97%
Finding:
The skill is presented primarily as a restaurant/business lookup API, but it also manages Dianping authentication cookies, can export them, validates sessions, and guides browser-based renewal. That mismatch is security-relevant because users may provide or authorize the skill without realizing it handles reusable authentication material that could enable account access if exposed.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding:
The installer deploys a helper that stores Dianping authentication cookies locally and provides an explicit `--export` capability to print them back out. For a restaurant/business lookup skill, exporting reusable session cookies is not necessary for core functionality and increases the risk of credential theft, accidental disclosure in logs, or abuse by other tools/users on the system.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding:
The skill reads Dianping cookies from ~/.dianping/cookies.json and silently reuses them for outbound requests. That grants the script access to the user's authenticated web session, which exceeds the stated restaurant lookup purpose and can expose account-linked data or perform requests as the user without explicit consent.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding:
The file is a login-helper that acquires, stores, validates, and reuses Dianping authentication cookies, which materially exceeds the stated skill purpose of restaurant and business lookup. Expanding a lookup skill into credential-management increases the chance of account misuse and secret handling failures, especially in agent environments where users may not expect auth material to be collected locally.

Context-Inappropriate Capability

High
Confidence: 98%
Finding:
The export_cookies function prints raw authentication cookies to stdout, directly exposing reusable session credentials. In a CLI, agent, or logged execution environment, stdout may be captured in shell history, logs, telemetry, screenshots, or transcripts, enabling account takeover by anyone who can read that output.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding:
The renew flow opens a browser and instructs the user to extract dper and dplet from developer tools and paste them into the script, effectively training users to manually disclose session secrets. This bypasses safer authentication patterns and normalizes unsafe credential handling that can easily lead to leakage through clipboard history, shoulder surfing, terminal logs, or accidental sharing.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The instructions tell users to store live authentication cookies locally in ~/.dianping/cookies.json without warning about credential theft, local-user access, logging exposure, or account takeover risk. Because dper/dplet appear to be sufficient for authenticated access, mishandling or leakage of that file or pasted cookie string could let an attacker reuse the session.

Missing User Warnings

Medium
Confidence: 99%
Finding:
Local cookies are loaded and attached to every outbound Dianping request without any user-facing notice or consent flow. This can leak authenticated session tokens to network destinations and enables the tool to act under the user's account context, which is especially risky for a skill whose declared function is public business lookup.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The script writes authentication cookies to ~/.dianping/cookies.json without setting restrictive file permissions and then echoes credential material to stdout. Plaintext secret storage plus console disclosure creates multiple leakage paths, including local multi-user access, backups, malware collection, and log aggregation.

Ssd 3

High
Confidence: 98%
Finding:
The script includes explicit capabilities and instructions to reveal, print, and manually copy live authentication cookies. Because these cookies are bearer-style session credentials, disclosing them is effectively equivalent to disclosing account access and is especially dangerous in agent workflows where outputs may be retained or observed.

Ssd 3

Medium
Confidence: 97%
Finding:
The setup flow prints the full dplet value and part of dper back to the console after saving, unnecessarily exposing credential material. Even partial secret echoing is risky, and printing a full live session cookie can immediately compromise the associated account if terminal output is logged or shared.

VirusTotal

VirusTotal findings are pending for this skill version.
