Chinese Motor Vehicle Driver's License Recognition and Extraction (ADP)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed driving-license extraction workflow built on Laiye ADP. It carries installation risks and documents a much broader ADP CLI than the skill's stated scope, which users should understand before use.

Install only if you trust Laiye ADP and are comfortable sending driving-license images and extracted PII to its cloud service. Prefer the npm or verified release installation path over pipe-to-shell commands, protect the ADP API key, and keep agent use constrained to the driving-license app_id rather than the broader ADP CLI custom-app or generic document commands.

Publisher note

This skill is an enterprise-grade application developed by Laiye Technology. It only executes document extraction tasks by invoking designated internal CLI commands via secure means, with no external network data transmission, unauthorized file access, or other risky operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Description-Behavior Mismatch (Medium, 92% confidence)

The README describes a broad, general-purpose ADP CLI for arbitrary document parsing and extraction, which materially exceeds the declared skill scope of driving-license recognition. In an agent ecosystem, this scope mismatch is dangerous because it can cause an agent to invoke capabilities on unrelated documents or data sources, expanding access and data processing beyond what the user intended.

Context-Inappropriate Capability (Medium, 90% confidence)

Documenting custom application management exposes creation, update, deletion, and AI-generated configuration features unrelated to the stated driving-license extraction purpose. For an agent, these capabilities can enable privilege expansion or repurposing of the skill into a general document-processing tool, increasing the risk of unauthorized configuration changes and broader data handling.

Context-Inappropriate Capability (Medium, 93% confidence)

The README advertises generic parsing and extraction of arbitrary local files, remote URLs, and Base64 content, which is significantly broader than driving-license recognition. In skill context, this broad input surface makes the package more dangerous because an agent may be induced to fetch or process unrelated sensitive content from local paths or remote sources.

Description-Behavior Mismatch (High, 97% confidence)

The README presents a broad, general-purpose ADP CLI with parsing, extraction, app management, and agent-oriented workflows, which materially exceeds the stated scope of a driving-license-only recognition skill. This mismatch is dangerous because an agent or user may grant broader trust and permissions than intended, enabling use of unrelated document-processing and automation capabilities under a narrowly named skill.

Description-Behavior Mismatch (High, 98% confidence)

The documented ability to create, update, and delete custom extraction applications goes well beyond the manifest's extraction-only purpose and introduces administrative and potentially destructive operations. In a skill expected only to recognize driving licenses, hidden broader control-plane functions increase the attack surface and can be abused for unauthorized configuration changes or persistence.

Context-Inappropriate Capability (High, 95% confidence)

Custom application management is unjustified in the context of a driving-license extraction skill and indicates capability overreach relative to the advertised purpose. This matters because users may unknowingly expose broader document automation features, increasing the risk of misuse, misconfiguration, or lateral expansion of the agent's abilities.

Missing User Warnings (Medium, 97% confidence)

The README recommends one-line remote script execution for shell and PowerShell installation without integrity verification, pinning, or review guidance. This is dangerous because it trains users or agents to execute code fetched at runtime from the network, enabling supply-chain compromise if the source, transport, repository, or script content is tampered with.

Missing User Warnings (Medium, 93% confidence)

The README includes one-line shell and PowerShell installer commands that fetch and execute remote code immediately, without an explicit warning about the trust and execution implications. This is dangerous because users may copy-paste these commands into privileged shells, allowing compromise if the remote source, repository, or delivery path is tampered with.

VirusTotal

65/65 vendors flagged this skill as clean.