Yuque Connector (语雀连接器)

Security checks across malware telemetry and agentic risk

Overview

This Yuque sync skill is not clearly malicious, but it needs review because it asks for a read/write account token and automatically changes local MCP configuration without enough consent and credential-safety guidance.

Install only if you are comfortable giving the assistant read/write access to your Yuque account and allowing it to edit your local MCP configuration. Prefer a minimally scoped token if Yuque supports it, avoid pasting long-lived secrets into ordinary chat, review any ~/.workbuddy/mcp.json change before it is applied, and rotate the token if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability
Severity: Medium
Confidence: 81%
Finding:
The skill goes beyond documenting Yuque sync behavior and instructs the agent to inspect and modify local MCP configuration files and run shell-based troubleshooting (`npx ... --help`). That expands the trust boundary from remote document sync into local environment management, which can lead to unintended local changes or command execution that a user may not expect from a sync skill.

Context-Inappropriate Capability
Severity: Medium
Confidence: 86%
Finding:
The documented fallback to direct REST API use bypasses the declared MCP-only operating model and introduces a second, less-controlled execution path using raw HTTP requests and token handling. This increases risk because the agent may perform network actions outside the expected connector controls, logging, and permission boundaries, while still using sensitive credentials.

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding:
The skill instructs automatic writes to `~/.workbuddy/mcp.json` and backup creation without an explicit warning that local configuration files will be modified. Even if intended for setup convenience, silent config mutation can overwrite user settings, alter agent behavior, or create persistence that the user did not knowingly authorize.

Missing User Warnings
Severity: High
Confidence: 96%
Finding:
The skill tells users to paste a personal access token directly to the assistant and provides no privacy or credential-handling warning. This is dangerous because tokens grant API access to the user's Yuque account and may be exposed through chat history, logs, model providers, screenshots, or downstream tooling if mishandled.

VirusTotal

64/64 vendors flagged this skill as clean.