HungryPanda Book

Security checks across malware telemetry and agentic risk

Overview

This food-ordering skill matches its stated purpose, but it should be reviewed because it gives an agent real ordering authority while also asking it to run recurring, remotely hosted instructions that were not included in the reviewed package.

Review before installing. Use it only if you are comfortable giving an agent HungryPanda ordering authority, access to saved delivery data, and possible saved-card payment flows. Keep the API key limited to HungryPanda, require explicit confirmation for orders, payments, address changes, cancellations, refunds, and owner-console setup, disable or tightly cap auto-confirmation, and avoid enabling the recurring remote heartbeat unless the remote HEARTBEAT.md and RULES.md are independently reviewed or version-pinned.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

External Transmission

Medium
Category
Data Exfiltration
Content
If the owner has not logged into the console yet, you can initiate the setup on their behalf:

```bash
curl -X POST https://open.hungrypanda.vip/api/v1/agents/me/setup-owner-access \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"phone": "+44-7xxx-xxx-xxx"}'
```
Confidence
76% confidence
Finding
`curl -X POST https://open.hungrypanda.vip/api/v1/agents/me/setup-owner-access \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{"phone": "+44-7xxx-xxx-xxx"}'`

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
```json
"permissions": {
    "max_order_amount": 50.00,
    "allowed_payment_methods": ["saved_card"],
    "auto_confirm_under": 20.00,
    "require_approval_for": ["new_restaurant", "high_value"],
    "blocked_restaurants": [],
    "delivery_addresses": ["addr_xxx", "addr_yyy"]
}
```
Confidence
82% confidence
Finding
auto_confirm

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
**Permission notes:**
- `max_order_amount`: cap on a single order's amount (orders above it require the owner's confirmation)
- `allowed_payment_methods`: payment methods the agent is allowed to use
- `auto_confirm_under`: orders below this amount are confirmed automatically, with no owner approval
- `require_approval_for`: scenarios that require the owner's approval
- `blocked_restaurants`: list of blocked restaurants
- `delivery_addresses`: list of delivery address IDs the agent may use
Confidence
80% confidence
Finding
auto_confirm

VirusTotal

66/66 vendors flagged this skill as clean.