ClawHub

Earthquake Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill appears to monitor earthquakes as advertised, but users should review it because it misstates webhook secret storage and the actual data-source path.

Install only if you are comfortable with earthquake data being fetched through api.wolfx.jp rather than directly from the named government agencies. Do not store sensitive webhook URLs unless you protect config.json yourself, because parts of the documentation claim encryption but the code stores them in plaintext. Use stop() when continuous monitoring is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation contains a direct contradiction: the changelog says encryption for webhook storage was removed, while the Security section still claims webhook URLs are AES-256-CBC encrypted at rest. This can mislead users into storing sensitive webhook tokens under a false assumption of protection, increasing the risk of credential exposure if config files are read, synced, or logged.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The module is labeled as a China Earthquake Networks Center source, but it actually pulls data from a third-party wolfx.jp endpoint. This is a supply-chain and trust-boundary issue because operators or downstream users may assume the data is authoritative CENC data when it is brokered by an unaffiliated service, which can affect integrity, availability, and compliance expectations.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The code invokes a shell command (`curl`) through `child_process.exec` to perform a simple HTTP fetch. Even though the command string is currently static and not directly user-controlled, using a shell adds unnecessary attack surface, creates dependency on the host environment, and can become command-injection-prone if the URL or flags are ever made dynamic.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents webhook support and external notification formatting but does not clearly warn users that earthquake data and potentially location-relevant alerts will be transmitted to third-party services such as DingTalk/Feishu. In a monitoring skill that may be configured with user location and alert preferences, insufficient disclosure creates a privacy and data-handling risk, especially in environments where outbound integrations are restricted or audited.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal