ClawHub
Back to skill

Security audit

生日花语 - 即刻数据

Security checks across malware telemetry and agentic risk

Overview

This is a coherent birthday-flower lookup skill that calls Jike's API with a declared API key, with some credential-handling cautions but no evidence of malicious behavior.

Install only if you are comfortable sending the queried MM-DD birthday and your Jike AppKey to Jike's API. Prefer the documented environment variable for the key, avoid passing the key on the command line, and do not set JIKE_API_BASE_URL unless you intentionally trust that alternate endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tainted flow: 'url' from os.environ.get (line 139, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
"""
    url = f"{API_BASE_URL}{API_PATH}?{urllib.parse.urlencode({**params, 'appkey': appkey})}"
    try:
        with urllib.request.urlopen(url, timeout=15) as response:
            return json.loads(response.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        return {"code": exc.code, "message": f"接口请求失败: HTTP {exc.code}", "data": ""}
Confidence
90% confidence
Finding
with urllib.request.urlopen(url, timeout=15) as response:

Lp3

Medium
Category
MCP Least Privilege
Confidence
77% confidence
Finding
The skill declares required binaries and environment variables and instructs the agent to execute a local Python script that will read an API key from the environment and perform outbound network access, but it does not declare explicit permissions for those capabilities. This creates a governance and sandboxing gap: operators may approve the skill without realizing it can read secrets, access local files, and transmit data externally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.