Xiaoai Public Opinion AI Labeling (OpenAI-compatible)

Security checks across malware telemetry and agentic risk

Overview

This skill does the advertised Feishu table labeling, but it under-discloses required external model calls and sends table content to an arbitrary OpenAI-compatible endpoint.

Review before installing. Use a Feishu app limited to the intended Bitable, start with a small limit, and assume table content will be sent to the configured OpenAI-compatible provider. Do not use it on confidential, regulated, or personal data unless that provider and its retention terms are acceptable. Ask the publisher to declare the model-provider inputs, allowed network destinations, privacy behavior, and dry-run or rollback process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Scope Creep

Severity: Medium
Confidence: 91%
Finding
The manifest declares network permission only for Feishu, but the description explicitly states the skill may call third-party model APIs in-process via OPENAI_API_KEY/OPENAI_BASE_URL/OPENAI_MODEL. This creates a security and governance mismatch: operators may believe outbound traffic is limited to Feishu while the implementation is designed to support additional destinations, which can enable unexpected data egress of table contents to external model providers.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The skill defines 'brand safety risk' so broadly that truthful allegations about defects, privacy issues, or safety concerns are automatically classified as risky merely because they are negative or unofficial. This creates a censorship and mislabeling mechanism that can suppress legitimate consumer complaints and safety reporting, especially in moderation or escalation pipelines.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
The instruction that product-related replies 'must not admit defects' and must provide only positive guidance directly conflicts with objective risk assessment and incident handling. In practice, this can cause the system to conceal failures, mislead users during safety or privacy events, and block accurate acknowledgment of real harms.

VirusTotal

65/65 vendors flagged this skill as clean.