kwaishop-intelligent-diagnosis-skill_test

Security checks across malware telemetry and agentic risk

Overview

The skill is labeled as domain testing, but it actually uses a local username to query an internal merchant CRM endpoint and return raw seller IDs.

Review carefully before installing. Only use this skill if you are authorized to query the Kuaishou internal merchant CRM service with your local OpenClaw username and to disclose the returned seller identifiers to the requester. Before it is treated as safe for general use, the skill should be renamed or re-scoped, should add explicit authorization and consent, and should minimize the data it returns.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The manifest claims the skill performs domain testing, but the actual workflow queries an internal CRM endpoint for seller identifiers and returns the results directly. This capability mismatch is dangerous because it can mislead users and reviewers, trigger unexpected access to internal systems, and facilitate unauthorized merchant enumeration under an innocuous label.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The skill reads a local credential-derived username from ~/.openclaw/username and sends it to an internal CRM service even though that access is unrelated to the stated domain-testing purpose. Pulling local identity material into network requests expands the trust boundary and can expose operator identity or enable internal service access without informed consent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs sending a username sourced from a local file to an internal HTTP endpoint without warning the user or obtaining consent. This is dangerous because it silently transmits local identity data across a network boundary, undermining transparency and potentially exposing sensitive operator context to services the user did not intend to contact.

Ssd 3

Medium
Confidence: 98%
Finding
The instructions say to return raw backend results directly to the user after performing the internal CRM lookup. Exposing unfiltered internal seller IDs and related backend responses can leak internal identifiers, enable enumeration, and disclose data beyond the minimum necessary for the task.

VirusTotal

65/65 vendors flagged this skill as clean.
