Security audit

企业别名生成器 (Enterprise Alias Generator)

Security checks across malware telemetry and agentic risk

Overview

This skill mainly generates company aliases, but it can automatically send spreadsheet company names to Baidu despite documentation saying web lookup is optional or disabled.

Review or modify the script before installing. Use it only with non-sensitive company lists unless you disable the Baidu lookup, add an explicit opt-in flag, and replace the absolute external import with bundled or clearly declared code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
try:
        # Use Baidu search to look up the company's short name
        search_query = f"{company_name} 简称"
        result = subprocess.run(
            ['curl', '-s', '-A', 'Mozilla/5.0', '-L',
             f'https://www.baidu.com/s?wd={search_query}'],
            capture_output=True, text=True, timeout=10
Confidence
90% confidence
Finding
result = subprocess.run( ['curl', '-s', '-A', 'Mozilla/5.0', '-L', f'https://www.baidu.com/s?wd={search_query}'], capture_output=True, text=True, timeout=1

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill description says network querying is optional, but the processing flow performs web lookups automatically for many companies. This mismatch is security-relevant because users may run the tool expecting offline processing while sensitive organizational data is transmitted externally by default.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
Company names from the input spreadsheet are transmitted to an external website without explicit notice, consent, or confirmation in the main execution path. In an enterprise data-cleaning skill, those names may be sensitive, proprietary, or regulated, making silent exfiltration to a third party materially risky.

VirusTotal

67/67 vendors flagged this skill as clean.