ClawHub

Traditional Chinese Dictionary

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: download public MOE dictionary data, store it locally, and query Traditional Chinese definitions.

Install in an isolated Python environment if possible. Expect the skill to contact MOE servers, download ZIP/XLSX dictionary data, and store files under ~/.openclaw/dictionaries by default. Only enable cron updates if you want scheduled network checks and local dictionary updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill documents network access and local file writes, including downloading, extracting, and storing dictionary data, but does not declare corresponding permissions. That creates a transparency and policy-enforcement gap: users or hosting systems may authorize the skill under incomplete assumptions while it still performs network and filesystem operations.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The stated purpose emphasizes querying the concised dictionary, but the described behavior extends to broader update checking, additional dictionaries, downloading archives, ZIP extraction, and metadata management. This mismatch is security-relevant because it obscures the skill's true operational scope and can lead users or policy engines to trust a narrower capability set than the skill actually exercises.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The manual trigger phrase "更新字典" / "重新下載國語辭典" is broad enough that ordinary conversational requests could invoke a state-changing network/download action rather than a harmless lookup. In agent settings, ambiguous natural-language triggers can cause unintended downloads, file writes, or update checks without clear user confirmation.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# openclaw-tc-dict-skill dependencies
# Install with: uv pip install -r requirements.txt

pandas>=2.0.0
openpyxl>=3.1.0
Confidence
94% confidence
Finding
pandas>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Install with: uv pip install -r requirements.txt

pandas>=2.0.0
openpyxl>=3.1.0
Confidence
94% confidence
Finding
openpyxl>=3.1.0

Known Vulnerable Dependency: openpyxl — 2 advisory(ies): CVE-2017-5992 (Improper Restriction of XML External Entity Reference in Openpyxl); CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows remote attack)

High
Category
Supply Chain
Confidence
92% confidence
Finding
openpyxl

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal