瑜伽体式知识库 (Yoga Pose Knowledge Base) (CUC)

Security checks across malware telemetry and agentic risk

Overview

This yoga knowledge skill appears purpose-aligned, but it embeds a reusable remote database token and makes mandatory external queries without clear user-facing disclosure.

Review this before installing. It does not show destructive behavior or local data collection, but it will run a remote database query and ships with an embedded API token. The publisher should disclose the external service, remove or rotate the bundled token, and narrow the query scope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The skill is described as answering yoga pose questions, but the script retrieves up to 100 full records from a remote NocoDB table rather than narrowly fetching only the data needed for a specific user query. This creates unnecessary data exposure and violates least-privilege/data-minimization principles, especially because the table contents may include metadata or fields not intended for end users.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The script embeds a hardcoded fallback NocoDB API token directly in the file, which means anyone with code access can reuse it to query the remote database. Hardcoded secrets are easily leaked through source control, logs, or package distribution, and the yoga knowledge skill context does not justify exposing persistent authenticated credentials.

Missing User Warnings

Severity: Medium
Confidence: 78%
Finding
Using curl to make a network call is expected shell behavior in itself, but in this file it happens without any visible disclosure to the user or reviewer that the skill communicates with an external service. The finding stands as a transparency/privacy issue; its security severity is lower than that of the exposed token because the risk here is hidden network activity, not command injection.

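The three findings above (a fallback token baked into the script, an undisclosed outbound curl call, and a query that pulls up to 100 records instead of the one row a question needs) are all visible statically, so a reviewer can check for them before installing. The Python below is an added example written for this page, not SkillSpector's code and not the skill's own script. The two shell scripts inside it are constructed: VULNERABLE mimics the pattern the findings describe, HARDENED shows the fix the overview asks for (no bundled token, a required NOCODB_TOKEN environment variable, a filtered single-row query, a disclosed host). The NocoDB details (the `xc-token` header and the `/api/v2/tables/{id}/records` endpoint with `where`, `fields` and `limit` parameters) are assumptions about NocoDB's REST API, and the host and table id are placeholders. The disclosure check is a heuristic: a host named in SKILL.md counts as disclosed.

```python
import re
from typing import Dict, List

# Constructed sample scripts (not the skill's real code). VULNERABLE mimics the
# pattern the findings describe; HARDENED is the corrected form. Host, table id
# and token are placeholders; the NocoDB API shape is an assumption.
VULNERABLE = r'''#!/bin/bash
NOCODB_BASE="https://nocodb.example.invalid"
NOCODB_TABLE="tbl_example"
NOCODB_TOKEN="${NOCODB_TOKEN:-xc_EXAMPLE_FALLBACK_0123456789}"
curl -s -H "xc-token: ${NOCODB_TOKEN}" \
  "${NOCODB_BASE}/api/v2/tables/${NOCODB_TABLE}/records?limit=100"
'''

HARDENED = r'''#!/bin/bash
NOCODB_BASE="https://nocodb.example.invalid"
NOCODB_TABLE="tbl_example"
: "${NOCODB_TOKEN:?NOCODB_TOKEN must be set in the environment}"
POSE="$1"
curl -s --get -H "xc-token: ${NOCODB_TOKEN}" \
  --data-urlencode "where=(Name,eq,${POSE})" \
  --data-urlencode "fields=Name,Description" \
  --data-urlencode "limit=1" \
  "${NOCODB_BASE}/api/v2/tables/${NOCODB_TABLE}/records"
'''

# Constructed SKILL.md descriptions: one silent about the backend, one that names it.
UNDISCLOSED_MD = "Answers questions about yoga poses."
DISCLOSED_MD = ("Answers questions about yoga poses by querying "
                "https://nocodb.example.invalid (NocoDB); requires NOCODB_TOKEN.")

# ${NAME:-default}: a secret-looking variable with a non-empty literal fallback.
# ${NAME:?msg} (fail if unset) is the safe form and does not match.
FALLBACK_RE = re.compile(r'\$\{(\w*(?:TOKEN|KEY|SECRET|PASS)\w*):-([^}]+)\}', re.I)
NETCMD_RE = re.compile(r'^\s*(?:curl|wget|nc|ncat)\b.*$', re.M)
HOST_RE = re.compile(r'https?://([A-Za-z0-9.\-]+)')
LIMIT_RE = re.compile(r'\blimit=(\d+)')


def review_skill(script: str, skill_md: str, max_records: int = 10) -> List[Dict[str, str]]:
    """Static pre-install review of a shell-based skill; returns a list of findings."""
    findings: List[Dict[str, str]] = []
    joined = script.replace("\\\n", " ")  # fold backslash-continued lines into one

    # 1. Embedded credential: a fallback literal means the token ships with the skill.
    for m in FALLBACK_RE.finditer(joined):
        findings.append({"check": "hardcoded-fallback-secret", "severity": "high",
                         "detail": f"{m.group(1)} falls back to literal {m.group(2)[:6]}..."})

    hosts = sorted(set(HOST_RE.findall(joined)))
    net_lines = NETCMD_RE.findall(joined)
    if net_lines:
        # 2. Transparency: every contacted host should be named in SKILL.md.
        undisclosed = [h for h in hosts if h not in skill_md]
        if undisclosed:
            findings.append({"check": "undisclosed-network-call", "severity": "medium",
                             "detail": f"contacts {', '.join(undisclosed)} without disclosure"})
        # 3. Data minimisation: a per-question lookup should be filtered and small.
        for line in net_lines:
            lm = LIMIT_RE.search(line)
            limit = int(lm.group(1)) if lm else None
            narrowed = "where=" in line or "fields=" in line
            if not narrowed or limit is None or limit > max_records:
                findings.append({"check": "over-broad-query", "severity": "medium",
                                 "detail": f"limit={limit}, filtered={narrowed}"})
    return findings


if __name__ == "__main__":
    for name, script, md in (("vulnerable", VULNERABLE, UNDISCLOSED_MD),
                             ("hardened", HARDENED, DISCLOSED_MD)):
        print(name, review_skill(script, md))
```

Run as a script it reports three findings for the constructed vulnerable script and none for the hardened one. The hardened script still does not pass if SKILL.md stays silent about the host, which is the point of the third finding: rotating the token and narrowing the query fixes the credential and data-minimisation issues, but disclosure is a documentation change the publisher has to make separately.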

VirusTotal

VirusTotal findings are pending for this skill version.
