Qiniu Cloud Object Storage Operations

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Qiniu Kodo storage helper, but it should be used carefully because it can create buckets and delete stored objects with user credentials.

Install only if you want an agent to operate Qiniu Kodo with your credentials. Use least-privilege AK/SK keys, verify the qshell download source, avoid pasting secrets into chat, and require explicit confirmation of bucket names and object keys before creating or deleting anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill metadata describes object storage operations focused on downloading qshell, configuring accounts, querying buckets, uploading, and downloading, but the body also instructs creating buckets and deleting objects. This mismatch can mislead users or automated policy systems into authorizing broader, destructive capabilities than expected, increasing the risk of unintended data loss or privilege misuse.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The script exposes bucket-creation capability even though the skill description only declares bucket query and object upload/download operations. This scope mismatch is dangerous because it grants a more powerful remote administrative action than users and reviewers would reasonably expect, increasing the chance of unauthorized infrastructure changes if the skill is invoked with valid credentials.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Creating a remote storage bucket is an account-level provisioning action, not a simple object transfer operation, so including it in a skill framed around upload/download/query materially expands the authority of the skill. In a credentialed environment, this can be abused to create unauthorized storage resources, incur cost, bypass governance expectations, or establish staging locations for data exfiltration.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The script performs a destructive delete operation even though the skill description only advertises query, upload, and download capabilities. This mismatch is dangerous because users or calling agents may invoke the skill under false assumptions, leading to unintended object deletion and possible data loss in a cloud storage bucket.

VirusTotal

65/65 vendors flagged this skill as clean.
