ClawHub

Daily Deals 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This deal-alert skill has a legitimate notification purpose, but it includes hardcoded Feishu credentials and automatically sends reports to a fixed Feishu recipient rather than only to destinations the user configures.

Review before installing. Do not run the bundled daily Feishu scripts or enable cron until the hardcoded Feishu app secret and recipient are removed, credentials are rotated, and delivery is changed to explicit user-controlled configuration. Treat webhook URLs and Feishu app secrets as sensitive, keep them out of version control, and verify exactly what report content will be sent and where.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script hard-codes Feishu app credentials and a destination ID, then uses them to obtain an access token and send outbound messages. Embedded secrets can be extracted by anyone with code access, enabling unauthorized API use and message sending, and the outbound notification capability is unrelated to local snapshot parsing unless explicitly disclosed and consented to.

Intent-Code Divergence

Low
Confidence
91% confidence
Finding
When no snapshot files exist, the script falls back to preset data but still writes a report and pushes it externally to Feishu. This creates unexpected network exfiltration behavior even in a no-input/default state, increasing the chance of surprise outbound activity in environments where users may assume the script is only generating a local report.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script launches an external stealth scraper from a hard-coded path and then invokes a local Python parser on downloaded content using shell commands. This expands a simple report generator into a tool with anti-bot evasion and subprocess execution capabilities, increasing supply-chain and command-execution risk if the referenced tools or inputs are altered.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly tells users to place Feishu appId/appSecret/receiveId into config.json, but provides no guidance on protecting that file, excluding it from version control, or using safer secret storage. This creates a realistic risk of credential leakage through accidental commits, file sharing, backups, or overly broad filesystem access.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs users to configure third-party webhook URLs for WeChat and DingTalk push delivery, but it does not clearly disclose that generated reports and deal data will be transmitted to external services. This creates a privacy and data-governance risk because users may unknowingly send scraped content, usage patterns, or potentially sensitive configuration data to external platforms.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script embeds a Feishu app ID, app secret, and recipient identifier directly in source code, then uses them to obtain an access token and send messages. Hardcoded secrets are dangerous because anyone with access to the code can reuse the credentials, impersonate the integration, send unauthorized messages, and potentially access related Feishu APIs until the secret is rotated.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script transmits generated content to Feishu over HTTPS automatically, without a user-facing warning, confirmation, or dry-run mode. Even if the current report content seems low sensitivity, silent external transmission is dangerous because future input data or generated summaries may contain sensitive business, personal, or operational information.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal