qianfan-deepresearch

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Baidu Qianfan DeepResearch wrapper that uses a user-provided API key to generate reports, with no evidence of hidden or malicious behavior.

Install only if you are comfortable sending research topics, generated outlines, and your Qianfan API key usage to Baidu Qianfan. Prefer using QIANFAN_API_KEY from a secure environment instead of pasting keys into chat or command lines, and review the query/depth choice before running because the workflow automatically skips clarification and confirms the outline.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to access environment variables for API credentials and perform networked code execution via a script, but the skill metadata does not declare corresponding permissions. This creates a permission-transparency gap: users or hosting systems may not realize the skill can read secrets and make outbound requests, increasing the risk of unintended credential exposure or unauthorized external calls.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The skill requires a fixed Chinese output template and forbids any variation, without offering language selection or respecting user locale. This is primarily a safety/UX policy issue rather than a direct exploit, but it can mislead users, reduce accessibility, and cause downstream operational errors if recipients expect another language or localized compliance wording.

Unbounded Resource Access

Medium
Category
Excessive Agency
Content
        headers=make_headers(api_key),
        json=payload,
        stream=True,
        timeout=None,  # no overall timeout; controlled via IDLE_TIMEOUT instead
    ) as resp:
        resp.raise_for_status()
Confidence
75% confidence
Finding
The streaming request is made with timeout=None, so there is no overall deadline on the HTTP call; the code relies on an application-level IDLE_TIMEOUT instead, which leaves the connection open-ended if that idle check does not fire.

VirusTotal

65/65 vendors flagged this skill as clean.
