海外物流Skill合集 (Overseas Logistics Skill Collection)

Security checks across malware telemetry and agentic risk

Overview

This logistics lookup skill matches its stated purpose, but it needs review because it sends token-backed API requests with TLS certificate checks disabled.

Install only if you trust the publisher and can use a dedicated, least-privilege JD logistics token. Before using real shipment or business data, the maintainer should remove `rejectUnauthorized: false` from the scripts, clarify what data is sent to the JD/Ochama APIs, and document safe credential storage and rotation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Description-Behavior Mismatch

Severity: Medium | Confidence: 93%
Finding:
The skill file adds a separate cross-border experience query capability, including customer-specific full-process fulfillment metrics, that is not described in the manifest. This creates hidden functionality and weakens trust boundaries: users and reviewers may authorize a logistics-indicator skill expecting one scope while the skill can access additional customer-level data paths.

Context-Inappropriate Capability

Severity: Low | Confidence: 80%
Finding:
Requiring an environment-variable check before a read-only query implies dependence on undeclared configuration or secrets without explaining why they are needed. In a query-only skill, this increases the chance of unnecessary secret exposure, privilege creep, or later logic that conditions behavior on sensitive runtime state.

Context-Inappropriate Capability

Severity: High | Confidence: 99%
Finding:
The HTTPS client explicitly sets `rejectUnauthorized: false`, which disables TLS certificate validation. This allows a man-in-the-middle attacker to intercept or tamper with requests to the logistics API, steal the authentication token, or alter the returned logistics/operational data; in a logistics skill handling potentially sensitive business data, this is especially dangerous.

Context-Inappropriate Capability

Severity: High | Confidence: 99%
Finding:
The code explicitly sets `rejectUnauthorized: false`, which disables TLS certificate validation for the HTTPS request. This allows a man-in-the-middle attacker to present an invalid or forged certificate, intercept the request, and read or modify the logistics query data and the `token` header in transit. In this skill context, the request is sent to a production JD API and includes an authentication token, which makes the issue more dangerous rather than less.

Context-Inappropriate Capability

Severity: Medium | Confidence: 99%
Finding:
The script explicitly sets `rejectUnauthorized: false`, which disables TLS certificate validation for the outbound HTTPS request. This allows a man-in-the-middle attacker to intercept or modify requests and responses, potentially stealing the authentication token and tampering with logistics data; in a logistics-query skill, there is no legitimate need to bypass server certificate checks in production.

Missing User Warnings

Severity: Medium | Confidence: 92%
Finding:
The README tells users to place an API credential in shell environment configuration and even shows a token-like example, but it provides no warning about secret handling, rotation, least privilege, or avoiding committing credentials to files and logs. In a logistics skill that accesses operational and tracking data, exposed credentials could enable unauthorized access to shipment or supply-chain data and abuse of backend APIs.

Missing User Warnings

Severity: Medium | Confidence: 88%
Finding:
The skill instructs the agent to execute a local Node CLI command built from parsed user input without any user-facing disclosure that code will be run or that external/internal data sources will be queried. Even if the syntax is constrained, hidden command execution increases the risk of unsafe automation, opaque data access, and accidental abuse of local runtime capabilities.

Missing User Warnings

Severity: Medium | Confidence: 89%
Finding:
The second module repeats the same pattern: it mandates local script execution for cross-border queries but does not inform the user that a script will run or that data will be pulled from another source. Because this section also expands into customer-specific metrics, the lack of transparency makes unauthorized or unexpected data access more concerning in context.

Missing User Warnings

Severity: High | Confidence: 99%
Finding:
Disabling TLS verification without any warning means the script will accept any certificate presented for the remote host. That exposes the outbound request, including the token header and query contents, to interception and modification; because this skill queries international logistics and supply-chain metrics, compromised responses could mislead operations and expose internal business data.

Missing User Warnings

Severity: High | Confidence: 99%
Finding:
Disabling TLS verification without warning means the outbound HTTPS connection provides no assurance that it is actually talking to the legitimate server. An attacker on the network path could spoof `us-api.jd.com`, capture the authentication token, and tamper with returned operational data, potentially misleading downstream decisions. Because this is a logistics/operations data skill, integrity of returned metrics is important and silent trust bypass is especially risky.

Missing User Warnings

Severity: Low | Confidence: 89%
Finding:
The skill sends user-supplied tracking or order numbers to an external JD logistics API, but the description does not warn users that their identifiers leave the local environment. While the data involved is limited, tracking numbers and order identifiers can still be sensitive business or customer-linked data, so lack of transparency can cause unintended disclosure and compliance issues.

VirusTotal

65/65 vendors flagged this skill as clean.