ClawHub

快递追踪助手

Security checks across malware telemetry and agentic risk

Overview

This skill is a courier-tracking helper that uses a public tracking service and optional local tracking history, both of which fit its stated purpose.

Install only if you are comfortable sending package tracking numbers to kuaidi100.com for lookup and saving tracked packages in a plain local JSON file. Use one-off query commands if you do not want to add shipments to the saved list, and be careful with clear/delete commands because they modify the local tracking history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill stores tracking numbers and shipment status in a local file under the user's home directory, which expands behavior from transient lookup to persistent data retention. Tracking numbers can reveal purchasing activity and delivery metadata, so retaining them without clear disclosure or consent increases privacy risk and expands the data exposure surface.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The command handler supports add/list/delete/clear tracking management that is not reflected in the stated skill purpose of simply querying shipment status and auto-detecting carriers. Hidden or undocumented stateful features are risky because users may not realize the skill is maintaining a history of their packages and can mutate stored data unexpectedly.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation says the skill uses a public courier API but does not clearly warn users that tracking numbers will be sent to that external service. Tracking numbers can reveal purchase activity, merchant relationships, delivery timing, and potentially sensitive personal logistics metadata, so silent transmission creates a privacy exposure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The function sends user-supplied tracking numbers and inferred carrier information to kuaidi100.com, an external service, without any user-facing notice in the code path. Tracking numbers are personal logistics data, so silent transmission to a third party creates a privacy and transparency issue even if the transmission is functionally necessary for the feature.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The clear-all command wipes all saved tracking entries immediately with no confirmation, preview, or undo. In an agent setting, accidental invocation, ambiguous parsing, or prompt-triggered actions could cause unintended loss of locally stored user data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal