Security audit

优惠券查询助手 (Coupon Query Assistant)

Security checks across malware telemetry and agentic risk

Overview

This coupon skill does what it claims, but users should notice that it contacts a third-party coupon service and can update itself when explicitly asked.

Install only if you are comfortable with a coupon helper contacting a third-party coupon aggregation service and showing external coupon links. Do not ask it to upgrade unless you intentionally want ClawHub to replace this installed skill version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
print(f"🔍 正在检测 {SKILL_NAME} 最新版本...\n")
    
    try:
        result = subprocess.run(
            ["clawhub", "update", SKILL_NAME],
            capture_output=True,
            text=True,
Confidence
95% confidence
Finding
result = subprocess.run( ["clawhub", "update", SKILL_NAME], capture_output=True, text=True, timeout=60 )

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
A coupon-query assistant should not perform software upgrade operations as part of its feature set. Embedding self-update logic allows the skill to modify its own code path or install new content, which is especially dangerous because users asking for discounts would not reasonably expect execution of an external package-management command.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest/context describes a discount-query helper, but the code also accepts upgrade-related commands such as `--upgrade` and `升级`. This hidden capability violates least surprise and can be used to trigger package changes in contexts where the user intended only informational retrieval, increasing operational and supply-chain risk.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation description is overly broad for normal shopping-related language, which increases the chance of accidental invocation. Unintended invocation is dangerous here because the skill is also associated with higher-risk capabilities and behavior beyond simple coupon display.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The example trigger phrases are generic and unconstrained, making it unclear when the skill should activate. This increases the likelihood that ordinary conversation will invoke a skill that may perform network access or other unexpected actions.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The 'other phrasings' section includes very generic expressions like asking for ways to save money, which are likely to appear in normal conversation and collide with unrelated contexts. Because the skill has broader-than-advertised behavior, accidental activation becomes more security-relevant than it would be for a strictly passive skill.

VirusTotal

65/65 vendors flagged this skill as clean.
