ClawHub

Diankeyuan Contacts

Security checks across malware telemetry and agentic risk

Overview

This appears to be a personnel directory skill, but it stores and deletes identifiable staff records without enough disclosed controls.

Review before installing. Use it only for personnel data you are comfortable storing in a local JSON file, restrict filesystem access where possible, and make backups before allowing delete operations. Prefer an updated version that declares its file permissions, documents what data is stored, and requires confirmation before deleting records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill explicitly states it reads from and writes to a local JSON file, but no permissions are declared. This creates a trust and transparency gap: users and the hosting platform may not realize the skill persists data locally, which can lead to unauthorized handling of personnel information and make review or sandboxing less effective.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill supports deleting personnel records with no indication of confirmation, undo, or recovery. An accidental or maliciously triggered delete could permanently remove operational contact information, affecting availability and integrity of the dataset.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill stores identifiable personnel and office-location data in a local JSON file without any privacy warning, retention guidance, or access controls. Even if the data seems work-related, it can still be sensitive organizational information that may be exposed to other local users, backups, logs, or malware on the host.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal