intelligent-diagnosis-skill_test

Security checks across malware telemetry and agentic risk

Overview

This skill is labeled as domain testing but actually uses a local username to query an internal merchant CRM and return raw seller IDs, so it needs review before installation.

Install only if you understand this as an internal Kuaishou merchant lookup tool, are authorized to query that CRM system, and are comfortable with the agent reading ~/.openclaw/username and returning raw seller IDs. The publisher should rename and describe the skill accurately, disclose the local username use and outbound request, and limit returned data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The skill is presented as a generic domain-testing capability, but the actual behavior performs seller lookup against an internal CRM system and returns internal identifiers. This mismatch is dangerous because it can mislead users and reviewers, causing unauthorized internal data access under an unrelated pretext and bypassing informed consent.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
The skill instructs reading a local credential-related file (`~/.openclaw/username`) and sending that value to an internal corporate endpoint without justification tied to the stated domain-testing purpose. Accessing local configuration and combining it with internal service queries creates a clear risk of unauthorized credential-context use, internal service abuse, and sensitive data exposure.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The examples and intent suggest a domain-test or report-generation workflow, but the documented logic actually searches seller IDs and returns raw HTTP results. This discrepancy increases the chance that users will unknowingly trigger internal data retrieval and receive sensitive internal output that is unrelated to their request.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The skill explicitly directs the agent to read a local file containing username information and transmit it to an internal endpoint, yet provides no user warning or consent mechanism. This is dangerous because it normalizes covert local data access and exfiltration of environment-derived identity data to a network service.

VirusTotal

65/65 vendors flagged this skill as clean.