Security audit

XiaomiYe

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed ecommerce administration helper, but it should only be used with a verified store URL and least-privilege API key.

Install only if you trust the publisher and need agent access to your live 人人商城 backend. Verify RR_CLAW_BASE_URL is your real HTTPS store API, use the least-privilege API key available, avoid broad member/order dumps, and require explicit confirmation before product, order, coupon, or shipping-setting changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding:
The skill allows requests to an arbitrary user-provided RR_CLAW_BASE_URL and only describes a generic request client, without technical enforcement that the destination is actually a 人人商城 endpoint or that only the documented paths are reachable. This creates an SSRF-style capability and credential exposure risk: a malicious or mistaken base URL could cause the injected Bearer API key to be sent to an attacker-controlled server, while the broad request primitive exceeds the narrowly advertised business purpose.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The document describes member lookup endpoints that return sensitive personal and account data, including real name, mobile number, balance, birthday, member code, and activity history, without any privacy guardrails, access restrictions, or data-minimization guidance. In the context of an agent skill for querying and managing shop data, this increases the risk of overbroad retrieval, insider misuse, and unnecessary disclosure of PII if the skill surfaces these fields to users or logs them.

VirusTotal

64/64 vendors flagged this skill as clean.