Hu Tian OPC Mentor Technical Due Diligence (English version)

Security checks across malware telemetry and agentic risk

Overview

This due-diligence skill is coherent, but it asks agents to use credentials and persist sensitive business documents/reports in IMA without enough consent, retention, or access-scope controls.

Install only if you are comfortable giving the skill access to IMA and confidential due-diligence materials. Use scoped, revocable API keys; approve each document import and report write-back; confirm who can access the target knowledge base and how long data is retained; and redact sensitive names, patents, financials, and client details before external web searches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The documented workflow expands beyond initial technical due diligence by generating channel/cooperation plans, which is a scope increase from assessment into business strategy output. That broadening is risky because it can cause the skill to process or infer additional sensitive commercial information and produce downstream decision artifacts that were not clearly bounded by the stated purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The file instructs the agent to obtain authentication material from SECRET.md or environment variables, introducing secret access behavior that is not necessary to merely describe a due-diligence process. In an agent setting, telling the skill where secrets live materially increases the chance of credential exposure, misuse, or overbroad access to internal knowledge systems.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The workflow tells operators to import customer documents into IMA and later persist generated reports back into the knowledge base, but it does not require user notice, consent, retention limits, or privacy handling. Because due-diligence materials often contain confidential business, personal, and patent-related information, silent persistence creates meaningful confidentiality and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The document explains credential sources and API-key usage but omits basic safeguards for handling sensitive authentication material such as non-disclosure, rotation, scope limitation, and prohibition on logging. In a skill that interacts with external knowledge systems, this omission makes accidental leakage or insecure operationalization more likely.

VirusTotal

VirusTotal findings are pending for this skill version.