胡田 OPC Mentor Customer-Acquisition Subcontracting Platform

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed subcontracting workflow and document-generation skill, but real use should add strong privacy and payment controls.

Install only if you intend to use it as a business-process and contract-template toolkit. Before using it with real customers, credit records, public ratings, identity documents, bank/account details, or payouts, require informed consent, restrict who can view or change records, keep audit logs, and make every settlement, deduction, credit change, and data sync explicitly reviewable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill defines workflows and scripts that generate contracts, reports, and other artifacts and explicitly references writing those outputs to the local filesystem, yet it does not declare corresponding permissions. This creates a hidden capability boundary issue: an agent or platform may invoke file-writing behavior without users or reviewers having clear visibility into that access.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared purpose frames the skill as an operational customer-acquisition and task-matching tool, but the content also includes automated contract generation, bid scoring, ranking, recommendation, and local file output. This mismatch is dangerous because it can cause users, policy engines, or reviewers to underestimate the sensitivity of the skill, especially where legal documents and procurement-like decisions are being generated automatically.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document defines direct data exchange with other skills for ability tags, historical evaluations, user classification, project status, and channel pricing, but does not specify user notice, consent, purpose limitation, retention, or access controls. In a platform handling identifiable member profiles and project data, silent cross-skill synchronization can lead to unauthorized disclosure, over-collection, and compliance violations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The knowledge retention design stores project background, solutions, outcomes, member capabilities, and evaluation records in case and personnel repositories without any privacy safeguards or de-identification guidance. Because these records may contain personal performance history, client information, and confidential project artifacts, unrestricted retention and reuse can expose sensitive data beyond the original transaction context.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The template requires bidders to authorize credit verification and inclusion in a credit archive, but it does not explain what data will be collected, the legal basis, retention period, sharing scope, or how the information will be protected. In a customer-acquisition platform context, this can lead to over-collection or opaque processing of sensitive business or personal credit data, creating privacy, compliance, and trust risks.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The design explicitly describes collecting evaluation data, credit records, dispute outcomes, and synchronizing them to external skills/services, but it does not define consent, notice, minimization, retention, or access-control requirements. In a platform handling identity, reputation, and transaction-linked records, silent cross-system syncing can expose sensitive business and personal data, create profiling risks, and cause compliance violations if users are unaware or cannot control the sharing.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The document describes automatic settlement and sending payout instructions to a settlement service, but it does not define strong authorization, confirmation, exception handling, fraud controls, or user-visible warnings around irreversible fund movement. In a multi-party subcontracting and escrow context, missing control points can lead to misdirected payments, unauthorized payouts, disputes, or abuse of automated financial actions.

VirusTotal

66/66 vendors flagged this skill as clean.