Shuyan Cloud Intelligence Data Classification and Grading (数安云智数据分类分级)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed API wrapper for data classification; users should nonetheless treat uploads and tokens as sensitive and use only trusted endpoints.

Install/use this only if you trust the Shuyan service you configure. Set your own SHUYAN_API_KEY and SHUYAN_API_URL, prefer HTTPS for anything beyond localhost, review batch JSON before upload, and do not send real personal, financial, or regulated samples unless you are authorized to share them with that endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill documents sending sensitive sample data together with a bearer token to an HTTP endpoint, but it does not provide an explicit privacy/security warning to the user. Because the examples involve data classification of personal and potentially regulated information, this can lead users to unknowingly transmit production sensitive data and credentials over an insecure or misconfigured channel.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The examples include realistic personal identifiers such as names and an ID-card number, which normalizes the practice of sending live-looking sensitive data to the service without cautionary guidance. This is dangerous because users may copy the pattern into real workflows and upload regulated personal or financial data without masking, increasing privacy, compliance, and breach risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends user-supplied field metadata and an API bearer token to a remote endpoint without any explicit disclosure, confirmation, or warning that data leaves the local environment. In a data-classification skill, the inputs may themselves contain sensitive schema details or regulated data descriptors, so silent transmission increases the risk of unintended data exfiltration or policy violations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Batch mode uploads an entire JSON file to the configured API without warning, review, or safeguards about the contents being transmitted externally. Because batch files may contain large sets of sensitive metadata or even actual data samples, this creates a stronger exfiltration and compliance risk than the single-field mode.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill sends classification payloads and bearer credentials over HTTP-capable endpoints without enforcing HTTPS or clearly warning users that potentially sensitive schema/data descriptions are transmitted to a remote service. Because the default URL is `http://localhost:8080` and arbitrary `--api-url` values are accepted, users may unknowingly send sensitive metadata and tokens over an unencrypted channel where interception or redirection is possible.

External Transmission

Medium
Category
Data Exfiltration
Content
]
EOF
)
    curl -s -X POST "${API_URL}${ENDPOINT}" \
      -H "Authorization: Bearer ${API_KEY}" \
      -H "Content-Type: application/json" \
      -d "$DATA"
Confidence
89% confidence
Finding
    curl -s -X POST "${API_URL}${ENDPOINT}" \
      -H "Authorization: Bearer ${API_KEY}" \
      -H "Content-Type: application/json" \
      -d "$DATA"
    ;;
  classify-batch)
    shift
    if [ $#

VirusTotal

62/62 vendors flagged this skill as clean.
