ClawHub

外贸资讯聚合器 (多源 RSS + 翻译 + 飞书推送)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed trade-news aggregator that fetches public news, translates titles, writes reports, and can post reports to a configured Feishu webhook.

Install only if you are comfortable sending news titles to Baidu Translate and posting generated reports to the configured Feishu chat. Use dedicated API credentials and a dedicated Feishu webhook, avoid private RSS feeds or sensitive keywords if report contents should stay local, and remove ~/trade-news.md or ~/.openclaw/workspace/history if you do not want retained reports or trend history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tainted flow: 'WEBHOOK_URL' from os.environ.get (line 6, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
# 打印发送的 JSON 用于调试
print("发送的 JSON:", card)

resp = requests.post(WEBHOOK_URL, json=card)
print(f"✅ 分析报告已推送,状态码: {resp.status_code}")
print("响应内容:", resp.text)
Confidence
94% confidence
Finding
resp = requests.post(WEBHOOK_URL, json=card)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill reads local news content from ~/trade-news.md, classifies it, and transmits the resulting report to an external webhook even though no metadata or manifest justifies that network egress. In an agent-skill setting, undocumented external transmission is dangerous because it can leak local or user-derived data beyond the expected trust boundary.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The script executes additional local Python programs after completing its main task, expanding behavior beyond simple aggregation. This is dangerous in a skill context because those scripts are not validated here and may perform unexpected processing or external transmission, increasing the attack surface and making review incomplete.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
News titles are sent to Baidu's translation API without any user-facing disclosure or consent mechanism. Even if titles are public, this transmits collected content and usage metadata to a third party, which may violate privacy, compliance, or user expectations in enterprise environments.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script posts the generated report contents to a Feishu webhook, transmitting aggregated content to an external service without explicit user-facing warning in the script. In a skill setting, webhook endpoints may belong to third parties, and automatic content export can leak business intelligence or usage data beyond the local environment.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The script silently depends on a sensitive outbound integration secret from the environment and provides no explanation to the user that a webhook credential is being used to send data off-host. In an agent-skill context, hidden credential use reduces transparency and can cause users to unknowingly authorize external data transmission.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code sends aggregated trend data to an external webhook without any prior notice, consent flow, or restriction on when transmission occurs. In a skill/plugin setting, undisclosed outbound network transmission is security-relevant because locally derived content from ~/trade-news.md is exfiltrated to an external service.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal