Security audit

iccn-erp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ERP lookup skill that can read sensitive business records, so it is acceptable only with a trusted endpoint and scoped token.

Install only if ERP_API_BASE_URL points to your trusted ERP service and ERP_API_TOKEN is read-only, least-privilege, and scoped to authorized users and records. Treat returned ERP data as confidential, confirm ambiguous or broad queries, and review the sample dev.iccn.cc endpoint before deploying it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger policy is extremely broad and uses mandatory language like '必须使用此技能' ("this skill must be used") and many generic ERP-related phrases, which can cause the skill to activate on loosely related user requests without sufficient confirmation or scope checks. In a system connected to live ERP data, over-triggering can lead to unnecessary access to sensitive business records and unintended disclosure of customer, supplier, order, or inventory information.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill is designed to retrieve potentially sensitive ERP business data using environment-injected API credentials, but it provides no user-facing warning, consent flow, or guidance on handling confidential data. In this context, the absence of privacy and access-control safeguards increases the risk of exposing internal commercial information such as orders, customers, suppliers, and inventory to unauthorized or overly broad requests.

VirusTotal

65/65 vendors flagged this skill as clean.
