Shopping Money-Saving Guide (购物省钱攻略)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed shopping coupon helper with a user-triggered self-update option, not hidden or automatic harmful behavior.

Install only if you are comfortable with coupon data coming from a third-party service and with using the upgrade command as a deliberate maintenance action. Verify coupon destinations before opening links, and do not provide shopping account passwords or private account data to this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
print(f"🔍 正在检测 {SKILL_NAME} 最新版本...\n")
    
    try:
        result = subprocess.run(
            ["clawhub", "update", SKILL_NAME],
            capture_output=True,
            text=True,
Confidence
93% confidence
Finding
`result = subprocess.run(["clawhub", "update", SKILL_NAME], capture_output=True, text=True, timeout=60)`

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The self-update feature is unrelated to the advertised shopping-helper purpose and gives the skill the ability to alter its own installed code path based on user input such as '升级'. In the context of an agent skill, hidden maintenance capabilities are dangerous because they increase the attack surface and can be abused to fetch or switch to unreviewed code.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Executing `clawhub update` from a consumer-facing shopping skill is a high-risk capability mismatch: a benign-seeming coupon query can trigger software update behavior that may download and install new code. In this context, the mismatch between declared purpose and actual capability makes the behavior more dangerous because users and reviewers may not expect code execution or mutation of the environment.

VirusTotal

65/65 vendors flagged this skill as clean.
