Security audit

feapder

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent feapder coding helper, but users should be careful because its bundled upstream reference files include unsafe Redis parsing and credential-handling examples.

Install only if you want a feapder 1.9.2 coding reference. Do not run vendored reference code blindly, do not paste real cookies or passwords into examples, avoid untrusted Redis task/cache data, and keep debug Redis keys and database writes isolated from production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

eval() call detected

High
Category
Dangerous Code Execution
Content
    def get_task_from_redis(self):
        tasks = self._redisdb.zget(self._task_table, count=self._task_limit)
        tasks = [eval(task) for task in tasks]
        return tasks

    def get_todo_task_from_mysql(self):
Confidence
99% confidence
Finding
tasks = [eval(task) for task in tasks]

eval() call detected

High
Category
Dangerous Code Execution
Content
            log.info("无response缓存  重新下载")
            response_obj = self.get_response(save_cached=save_cached)
        else:
            response_dict = eval(response_dict)
            response_obj = Response.from_dict(response_dict)
        return response_obj
Confidence
99% confidence
Finding
response_dict = eval(response_dict)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
DebugSpider emits a warning stating that debug mode will not write data, but when save_to_db=True it only skips replacing ITEM_PIPELINES and therefore can retain the application's normal persistence pipelines. This creates a misleading safety guarantee: developers may run a supposedly non-persistent debug session against production-like settings and unintentionally write records or trigger side effects in downstream storage.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
Response cache loading uses Redis-backed data as executable input via eval(), creating a direct code-execution path from cache storage into application runtime. In a scraping framework, Redis is often shared infrastructure, so compromise or poisoning of cache entries can lead to full process takeover.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation explicitly shows supplying a database password on the command line. Command-line arguments are commonly exposed through shell history, process listings, audit logs, and screenshots, so this can leak credentials to other local users or logging systems. In the context of a developer CLI guide, this is more dangerous because readers are likely to copy-paste the example directly into real environments.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation recommends storing MySQL credentials in environment variables but does not mention that these values are sensitive or how to protect them. Environment variables are often inherited by child processes, can be exposed in CI/CD logs, crash dumps, shell init files, and shared user environments, so presenting this without safeguards promotes insecure secret handling. The skill context increases risk because it is operational guidance aimed at developers configuring real database access.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The curl example contains a full Cookie header with what appears to be live session tokens and gives no warning to redact authentication material before sharing or pasting requests. Session cookies can enable account/session hijacking if reused, and documentation that normalizes copying such data into terminals or tickets materially increases accidental credential exposure. In a debugging skill, this is especially risky because users are encouraged to paste captured traffic from browsers and proxies.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
Debug mode forces DELETE_KEYS=True in __debug_custom_setting__, and later run() deletes tables matching self._redis_key + "*". Because __init__ derives the debug redis key by appending "_debug" to a caller-provided redis_key without validating scope, this can cause broad Redis key cleanup that may remove more state than an operator expects, especially in shared Redis environments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This finding is the same underlying issue as the eval() call: Redis task data is treated as executable Python code without disclosure or safety controls. In a spider framework, task payloads often originate from external queues or shared systems, so unsafe deserialization in this context materially increases the likelihood of remote code execution.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The debug log prints the full request URL, method, and request arguments, which can include headers, cookies, auth data, and proxy settings. This can expose session tokens, credentials, or other sensitive data into logs, creating a secondary disclosure channel even if the network request itself is legitimate.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
references/vendor/feapder-1.9.2/feapder/core/spiders/task_spider.py:360

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
references/vendor/feapder-1.9.2/feapder/network/request.py:527