ClawHub

运营商5G基站信息 - 聚合数据

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed paid lookup for telecom base-station location data, with no hidden code or persistence, but users should treat the submitted cell data as sensitive location information.

Install only if you intentionally want a paid third-party service to derive location from telecom base-station identifiers. Confirm the MCC/MNC/TAC or LAC/CI values are yours or authorized to use, and do not use it to locate another person or device without permission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger conditions are broad enough to activate on generic location or base-station related requests, which increases the chance an agent will invoke this paid third-party location service when a safer or more privacy-preserving response would suffice. In this skill’s context, that can lead to unnecessary transmission of sensitive telecom-derived location inputs to a remote vendor and accidental initiation of a payment workflow.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill handles telecom cell parameters that can be used to infer a device or user’s physical location, yet it does not require an explicit privacy warning or informed consent before sending that data to a remote API. Because the returned result is precise location data, omission of a privacy notice materially increases the risk of unauthorized location disclosure and privacy harm.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal