Baidu Finance Search

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it disables HTTPS certificate checks while sending a Baidu API key and user queries.

Review before installing. Use only a limited Baidu API key, avoid confidential account data or non-public investment research in queries or message history, and prefer a fixed version that restores normal HTTPS certificate verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation indicates capabilities to read environment variables, access files, and make network requests, yet it declares no permissions or equivalent user-facing disclosure. This creates a transparency and consent gap: users may invoke a skill that can access secrets such as API keys and transmit data externally without clear permission boundaries. In this context, the network and env access are expected for the described functionality, but the absence of declared permissions still makes misuse or overreach harder to detect.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The code explicitly disables certificate and hostname verification before making the outbound HTTPS request. This allows a man-in-the-middle attacker to intercept or modify traffic, including the Bearer API key, user queries, and returned search content, defeating the security guarantees of HTTPS.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill documents use of Baidu's authenticated web search API and storage of an API key, but it does not clearly warn that user queries will be transmitted to Baidu's external service. Users may enter sensitive investment ideas, account-related information, or proprietary research under the assumption of local processing, causing unintended third-party disclosure. Because this is a finance-oriented search skill, prompts are reasonably likely to contain sensitive market analysis or confidential trading context, which increases the privacy risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill sends the user's query, optional conversation history, and system instruction to an external Baidu API without any explicit disclosure or consent step in the execution path. Because messages may contain sensitive financial research, account details, or internal context, this creates a privacy and data-governance risk, especially when users may not realize third-party processing is occurring.

VirusTotal

66/66 vendors flagged this skill as clean.
