ClawHub

Meal Subsidy

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for meal-subsidy automation, but it controls a logged-in HR browser session and submits reimbursement forms automatically without a clear final confirmation step.

Install only if you are comfortable letting the skill control a logged-in 2haoHR browser session and submit meal-subsidy requests on your behalf. Use a dedicated Chrome profile with no unrelated accounts or tabs, review the generated screenshots/CSV/log files, and avoid weekly or monthly batch mode unless you have already tested single-date submissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill performs sensitive actions and uses powerful capabilities—network access, shell/process launching, and local file writes—yet declares no permissions or safety boundaries. In this context, the omission is dangerous because the skill connects to a logged-in browser session, can auto-submit HR reimbursement forms, and stores screenshots/CSV artifacts locally, so users and platforms lack clear consent and containment for privileged behavior.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill connects to Chrome's remote debugging interface on localhost and, if unavailable, starts Chrome with remote debugging enabled. This grants broad control over browser sessions, pages, cookies, and authenticated state well beyond the narrow purpose of submitting a meal subsidy, so compromise or misuse could affect unrelated accounts and data accessible in the browser profile.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Starting a local Chrome subprocess is not inherently exploitable here, but in this skill it is part of enabling remote-debug browser control and expands the agent's system-level reach beyond the advertised task. In context, this makes it easier for the skill to access a persistent browser profile and automate actions outside the intended HR workflow.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill description does not clearly warn that it will automatically submit reimbursement requests and generate local screenshots and CSV records. This is risky because users may invoke it expecting a passive lookup, while the skill can perform irreversible actions in an authenticated HR system and create artifacts that may contain sensitive attendance or personal data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal