Security audit

海康云眸设备分组管理

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says for Hik-Cloud device group management, but it can change cloud device organization data and handles sensitive tokens with limited safeguards.

Install only if you intend to let OpenClaw manage Hik-Cloud device groups. Use least-privilege Hik credentials, avoid passing access tokens on the command line, protect or periodically clear the token cache, keep base URL overrides to trusted Hik-compatible endpoints, and manually review exact group and device identifiers before any delete, update, create, or transfer command.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill clearly uses sensitive capabilities: reads secrets from environment variables, makes network requests to an external API, and writes a token cache file to disk, yet it does not declare permissions. This creates a transparency and governance gap: users or the host platform may not realize the skill can access credentials and persist authentication material locally.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The documentation states that the skill will automatically reuse explicit tokens, environment variables, or cached credentials, and if absent will obtain a new token using environment client credentials. In an agent skill context, this can cause credential use and outbound authentication without clear user awareness or consent, increasing the risk of unintended access to protected APIs or misuse of ambient secrets.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The script persists OAuth access-token material to a predictable file in the user's home directory without setting restrictive permissions, encryption, or presenting any disclosure to the user. On multi-user systems or misconfigured environments, another local process or user may be able to read the cached token and reuse it to access the Hik-Cloud API with the victim's privileges.

Credential Access

High

Category: Privilege Escalation
Content: 通用参数： - `--base-url`：显式指定接口域名，优先级高于环境变量 - `--access-token`：显式指定 access token - `--timeout`：请求超时秒数，默认 `20` - `--token-cache-file`：token 缓存文件，默认 `~/.cache/hik_open/token.json` - `--format`：`text` 或 `json`
Confidence: 91% confidence
Finding: access token

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical

Code: suspicious.dynamic_code_execution
Location: tests/test_hik_open_device_group_management.py:20