Single-SKU Store Analysis (单SKU门店分析)

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for single-SKU retail store analytics, but it imports an unreviewed api_client from a hard-coded local developer path and returns raw backend payloads alongside its summarized report, so it can expose more store data than its description suggests.

Install only if you trust the publisher and the external api_client present on the target machine, and run it only under accounts authorized for the relevant store data. Prefer a revised version that bundles or declares its API client, documents the credentials and permissions it needs, removes or gates the raw_data output, and requires explicit store, SKU and date confirmation before fetching analytics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The skill imports code from a hard-coded local developer path under /Users/..., which exposes internal environment details and creates an unsafe dependency on code outside the skill boundary. Whatever sits at that path on the target machine, placed there by the user or by anyone with write access to it, runs with the skill's permissions and is never reviewed as part of the skill. In practice this leads to execution of unreviewed local code, portability failures on any other machine, and leakage of the developer's filesystem layout if the skill is shared or deployed.
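A static check for this pattern, added here as an example and not part of the scanned skill or of SkillSpector: it parses a skill's Python source with the standard-library ast module and reports string literals that look like per-user developer paths, together with calls that load code from a filesystem path (sys.path mutation, importlib file loaders). The sample skill source, its path and its function names are constructed for illustration.

```python
"""Static check for hard-coded developer paths and path-based code loading.

Added example, not part of the scanned skill or of SkillSpector. The sample
skill source below is constructed; the developer path in it is made up.
"""
import ast
import re
from dataclasses import dataclass

# Per-user home directories on macOS, Linux and Windows.
DEV_PATH_RE = re.compile(r"^(/Users/|/home/|[A-Za-z]:\\Users\\)")

# Calls that pull code from an arbitrary filesystem location.
PATH_LOADING_CALLS = {
    "sys.path.insert",
    "sys.path.append",
    "importlib.util.spec_from_file_location",
    "importlib.machinery.SourceFileLoader",
}


@dataclass(frozen=True)
class Finding:
    line: int
    kind: str    # "dev_path_literal" or "path_loading_call"
    detail: str


def _dotted_name(node: ast.AST):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_source(source: str) -> list:
    """Return a Finding for every developer-path literal and path-loading call."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            if DEV_PATH_RE.match(node.value):
                findings.append(Finding(node.lineno, "dev_path_literal", node.value))
        elif isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in PATH_LOADING_CALLS:
                args = [repr(a.value) for a in node.args
                        if isinstance(a, ast.Constant) and isinstance(a.value, str)]
                findings.append(Finding(node.lineno, "path_loading_call",
                                        f"{name}({', '.join(args)})"))
    return sorted(findings, key=lambda f: (f.line, f.kind))


# Constructed sample: the pattern the finding describes, with a made-up path.
SAMPLE_SKILL_SOURCE = '''\
import sys
sys.path.insert(0, "/Users/dev/projects/retail-tools")   # hard-coded developer path
from api_client import fetch_goods, fetch_performance

def run(store_id, sku):
    return {"goods": fetch_goods(store_id, sku)}
'''


def scan_sample() -> list:
    return scan_source(SAMPLE_SKILL_SOURCE)


if __name__ == "__main__":
    for f in scan_sample():
        print(f"line {f.line}: {f.kind}: {f.detail}")
```

Run against a real skill, pass each .py file's contents to scan_source; any dev_path_literal finding is a portability and disclosure problem on its own, and a path_loading_call pointing at one is the unreviewed-dependency case this finding describes.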

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The returned result includes the raw goods and performance responses from the backend, which goes beyond the described analytical output and may expose unnecessary internal or sensitive business data to downstream callers. Returning raw payloads increases the blast radius of any backend overexposure, because fields that were never intended for end users are passed through without filtering; a field-allowlisted summary limits what a caller can ever see.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger conditions are very broad and match generic product-performance questions without explicit constraints on store context, SKU identification, or user intent. In an agent environment this can cause unintended invocation on ordinary conversations, potentially exposing store analytics, inventory, and clerk-performance data when the user did not clearly request or authorize such access. Requiring an explicit store, SKU and date range as inputs, and refusing to fetch anything until they are supplied, limits what a mis-fired trigger can reach.
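The mitigations for the previous two findings in one place, as an added example that is not the skill's own code: the entry point refuses to fetch anything until an explicit store, SKU and date range are supplied and valid, and the result is assembled from an allowlist of summary fields so the raw goods and performance payloads never reach the caller. The backend payloads, field names, identifier formats and the 92-day range cap are constructed assumptions.

```python
"""Hardened entry point for a single-SKU store analysis skill.

Added example, not the skill's own code. Backend payloads, field names,
identifier formats and the range cap are constructed assumptions.
"""
import re
from dataclasses import dataclass
from datetime import date

STORE_ID_RE = re.compile(r"^S\d{4}$")         # assumed store-id format
SKU_RE = re.compile(r"^[A-Z0-9-]{6,20}$")     # assumed SKU format
MAX_RANGE_DAYS = 92                           # roughly one quarter


class ScopeError(ValueError):
    """The request does not name an explicit, valid analysis scope."""


@dataclass(frozen=True)
class Scope:
    store_id: str
    sku: str
    start: date
    end: date


def require_scope(params: dict) -> Scope:
    """Validate store_id, sku, start and end; raise ScopeError on any gap."""
    missing = [k for k in ("store_id", "sku", "start", "end") if not params.get(k)]
    if missing:
        raise ScopeError("explicit confirmation required for: " + ", ".join(missing))
    if not STORE_ID_RE.match(params["store_id"]):
        raise ScopeError("invalid store_id")
    if not SKU_RE.match(params["sku"]):
        raise ScopeError("invalid sku")
    try:
        start, end = date.fromisoformat(params["start"]), date.fromisoformat(params["end"])
    except ValueError as exc:
        raise ScopeError(f"dates must be ISO-8601: {exc}") from None
    if end < start or (end - start).days > MAX_RANGE_DAYS:
        raise ScopeError(f"date range must be ascending and at most {MAX_RANGE_DAYS} days")
    return Scope(params["store_id"], params["sku"], start, end)


def scope_error_for(params: dict):
    """Return the rejection message for params, or None if they are in scope."""
    try:
        require_scope(params)
    except ScopeError as exc:
        return str(exc)
    return None


# Constructed backend payloads standing in for the goods and performance
# endpoints; note the internal fields a raw passthrough would leak.
SAMPLE_GOODS = {
    "sku": "AB-1001", "name": "Widget", "units_sold": 120, "revenue": 2400.0,
    "stock_on_hand": 35, "cost_price": 11.5, "supplier_contract_id": "C-7781",
}
SAMPLE_PERFORMANCE = {
    "sku": "AB-1001", "conversion_rate": 0.18,
    "clerk_sales": {"E1021": 70, "E1033": 50},
    "clerk_names": {"E1021": "A. Example", "E1033": "B. Example"},
}

# Only these fields are copied into the result.
GOODS_FIELDS = ("sku", "name", "units_sold", "revenue", "stock_on_hand")
PERFORMANCE_FIELDS = ("conversion_rate",)


def summarize(scope: Scope, goods: dict, performance: dict) -> dict:
    """Build the report from allowlisted fields; no raw_data key is ever set."""
    summary = {
        "store_id": scope.store_id,
        "period": f"{scope.start.isoformat()}/{scope.end.isoformat()}",
    }
    summary.update({k: goods[k] for k in GOODS_FIELDS if k in goods})
    summary.update({k: performance[k] for k in PERFORMANCE_FIELDS if k in performance})
    # Per-clerk figures are reduced to a headcount rather than passed through.
    summary["active_clerks"] = len(performance.get("clerk_sales", {}))
    return summary


def analyze(params: dict, goods: dict = SAMPLE_GOODS,
            performance: dict = SAMPLE_PERFORMANCE) -> dict:
    return summarize(require_scope(params), goods, performance)


if __name__ == "__main__":
    print(analyze({"store_id": "S0042", "sku": "AB-1001",
                   "start": "2024-03-01", "end": "2024-03-31"}))
```

The allowlist is the important design choice: a denylist of known-sensitive fields silently passes anything the backend adds later, whereas an allowlist fails closed. The scope check belongs in the skill itself rather than in the trigger description, because trigger text is advisory to the agent while the check runs on every call.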

VirusTotal

64/64 vendors flagged this skill as clean.
