Contract Risk Review

Security checks across malware telemetry and agentic risk

Overview

This contract-review skill does the advertised analysis, but it also sends the supplied API key to a separate YK-Global verification service before processing.

Install only if you are comfortable with both your contract text being sent to the configured AI provider and your supplied api_key being sent to YK-Global for verification. Do not provide a real OpenAI, Azure, Claude-proxy, or DeepSeek key unless the publisher clarifies and documents this verification flow or separates license tokens from model-provider credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and demonstrates network-capable behavior, including calls to external AI endpoints and Feishu message delivery, but does not declare corresponding permissions. Hidden or undeclared network use reduces user visibility into where sensitive contract data may be sent and weakens platform policy enforcement. Because the content handled is contractual and often confidential, the omission is security-relevant rather than a harmless documentation gap.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared purpose says the skill analyzes uploaded PDFs and produces a risk report, but the behavior includes external API-key verification, Feishu message preparation, raw-text analysis, and export generation that are not clearly disclosed. This mismatch undermines informed consent and can cause users to expose secrets or sensitive contract content to third parties unexpectedly. The undocumented API-key verification call is especially sensitive because it transmits credentials to an external service outside the stated workflow.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The `call_ai_api` helper accepts an arbitrary prompt and forwards it to an external LLM, which exceeds the stated purpose of contract-risk extraction and creates an unsandboxed secondary AI capability inside the skill. In this context, it can be used to transmit sensitive contract content or user data for unrelated tasks, bypassing any extraction-specific controls or schema expectations.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill sends the user's supplied API key to an unrelated third-party verification service (yk-global) before performing contract analysis. This is a sensitive secret exfiltration path not disclosed by the stated functionality, and it can expose credentials to a separate backend that can log, misuse, or retain them.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Embedding unrelated entitlement and plan-check logic in a contract-analysis skill creates an unnecessary external trust dependency and expands the attack surface. Because the check transmits bearer tokens off-platform, a compromise or abuse of the third-party backend could lead to credential theft, account misuse, or denial of service for legitimate users.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README states that generated reports are automatically sent to Feishu, but does not clearly warn that contract-derived content may be transmitted to an external messaging platform. For a contract-analysis skill, this is materially sensitive because contracts often contain confidential business, employment, or legal terms, and automatic transmission increases the chance of unintended disclosure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The Quick Start example shows contract content being processed through an external AI API endpoint without any notice about confidentiality, retention, or third-party processing. Because the skill is designed to analyze contracts, users may upload highly sensitive legal and commercial documents, making undisclosed external processing a meaningful privacy and compliance risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill handles sensitive legal documents yet does not clearly warn that contract text may be transmitted to an external AI API for analysis. Users may reasonably assume local-only processing from the description, causing accidental disclosure of confidential terms, personal data, or trade secrets. In a contract-review context, this materially increases risk because the data commonly contains highly sensitive business information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The description mentions Feishu push as a feature but does not clearly warn that contract-derived reports may be shared externally through Feishu/Lark. This can leak sensitive contract summaries, key clauses, and risk findings to another platform or recipient if users do not fully understand the sharing behavior. Given the confidential nature of contracts, outbound sharing should be treated as a sensitive action requiring explicit notice and consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The function sends raw contract text to an external AI API, which may include confidential business terms, personal data, signatures, or other sensitive information, without any user-facing disclosure evident in the code path. For a contract-analysis skill, this is particularly risky because uploaded contracts commonly contain highly sensitive legal and commercial data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill forwards extracted contract text to an external AI endpoint for field extraction without any visible user-facing disclosure in this file. Contracts commonly contain confidential legal and commercial information, so undisclosed transmission to a remote model provider creates privacy, confidentiality, and compliance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The raw-text analysis path sends user-provided contract text directly to an external AI service, again without any explicit disclosure in this code path. Because this path can carry arbitrary pasted legal text, it presents the same confidentiality and regulatory exposure as the PDF path, potentially with even less user awareness.

External Transmission

Medium
Category
Data Exfiltration
Content
```python
result = analyze_contract(
    pdf_path="/path/to/contract.pdf",
    api_key="sk-...",                  # OpenAI-compatible API Key (user-provided)
    base_url="https://api.openai.com/v1",
    model="gpt-4o-mini",
    user_focus="payment cycle and breach liability",
)
```
Confidence
89% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```python
    text=contract_text,
    contract_type="Purchase",
    api_key="sk-...",
    base_url="https://api.openai.com/v1",
    model="gpt-4o-mini",
)
```
Confidence
89% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```python
# Cache for verification results (5 min TTL)
_verification_cache: dict = {}
VERIFY_URL = "https://api.yk-global.com/v1/verify"


def verify_token(api_key: str) -> dict:
```
Confidence
96% confidence
Finding
https://api.yk-global.com/

VirusTotal

No VirusTotal findings
