ClawHub
Back to skill

Security audit

菜谱查询 - 即刻数据

Security checks across malware telemetry and agentic risk

Overview

This is a coherent recipe lookup skill, with a real but manageable AppKey handling risk.

Install only if you trust JikeAPI and need recipe lookup. Set the AppKey via the documented environment variable, avoid passing it on the command line, do not override JIKE_API_BASE_URL unless you control the endpoint, and treat full request URLs as sensitive because they include the AppKey.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tainted flow: 'url' from os.environ.get (line 240, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
"""
    url = f"{API_BASE_URL}{API_PATH_MAP[command]}?{urllib.parse.urlencode({**params, 'appkey': appkey})}"
    try:
        with urllib.request.urlopen(url, timeout=15) as response:
            return json.loads(response.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        return {"code": exc.code, "message": f"接口请求失败: HTTP {exc.code}", "data": ""}
Confidence
95% confidence
Finding
with urllib.request.urlopen(url, timeout=15) as response:

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The AppKey is appended to the URL query string, which can be exposed through logs, proxies, browser/history equivalents, monitoring systems, and error traces. This becomes more dangerous here because the same code also permits the API base URL to be overridden, so the credential may be sent to an untrusted destination.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.