uni-app Project Analyzer (Script Version)

Security checks across malware telemetry and agentic risk

Overview

This is a local uni-app/Vue project analysis skill with disclosed shell-based scanning and report generation, but users should notice its optional pip dependency install and broad activation phrases.

Install only if you want a shell-script-based local analyzer for Vue or uni-app projects. Review the target path before running it, avoid running it with elevated privileges, and install skill-seekers manually in a disposable or controlled Python environment if you want to avoid the script’s optional pip install path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documents shell execution capabilities but does not declare permissions, which weakens user and platform visibility into what the skill can do. For a project-analysis skill, hidden shell access increases risk because it can run local commands, inspect files, and potentially invoke installers or other tooling without clear consent boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose understates and mischaracterizes the actual behavior: the skill is not just offline PowerShell analysis, but also supports Bash, installs dependencies, copies and transforms project files, and performs deeper parsing and output generation. This mismatch is dangerous because users may grant trust based on a narrower, safer description while the skill performs materially broader actions.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill claims offline analysis, yet it may install dependencies from pip during execution, which introduces network access and third-party code execution. This breaks user expectations and can expose environments to supply-chain risk, especially if run in sensitive development workspaces.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Automatic pip installation is broader than needed for analyzing a local project and creates an avoidable supply-chain and code-execution pathway. Even if intended for convenience, invoking package managers from a skill expands attack surface and can modify the user's system without strong necessity.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script is presented as an offline project analysis tool, but it can install a missing dependency via pip/python3 -m pip. That is a system-modifying action outside the core analysis scope and can execute arbitrary install-time code from packages or indexes, especially risky when users run the script with elevated privileges or in automation.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Attempting dependency installation from within a code-analysis script is not necessary to inspect project files and expands the trust boundary. Even though it prompts interactively, it still encourages package execution on the host and mixes setup with analysis in a way users may not expect from an 'offline' analyzer.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad and overlap with normal development-assistance requests, so the skill may activate unexpectedly in contexts where the user did not intend shell-driven project analysis. In combination with file scanning, output generation, and optional dependency installation, unintended invocation increases the chance of overreach and surprise side effects.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list contains very broad phrases such as '代码审查', '生成项目文档', and '分析这个项目', which can match many generic developer requests outside a narrowly scoped uni-app/Vue analysis use case. This can cause the skill to activate unexpectedly, capture requests meant for other tools, and widen the attack surface for unintended execution paths or misleading analysis behavior.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script can modify the host environment by installing packages, but its messaging emphasizes analysis rather than system changes. In security tooling, undisclosed or weakly disclosed side effects are risky because operators may run scripts in CI, on developer machines, or with broad permissions, increasing the chance of unintended package execution.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger examples are broad, generic requests such as analyzing a project, generating project documentation, or evaluating technical debt. In a skill-routing system, these phrases can cause the skill to activate for many unrelated repositories or frameworks, leading to unintended execution and over-collection or misapplication of analysis beyond the intended uni-app/Vue-focused scope.

VirusTotal

VirusTotal findings are pending for this skill version.
