黄历查询 (Chinese Almanac Lookup)

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Chinese almanac lookup tool. It uses a declared API token and makes outbound API calls, and it carries one configuration risk (the HUANGLI_BASE endpoint override) that users should handle carefully.

Install only if you are comfortable sending requests to nongli.skill.4glz.com with a HUANGLI_TOKEN. Keep the token private, avoid entering sensitive personal plans in queries, and do not set HUANGLI_BASE unless you fully trust the replacement API endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'req' from os.environ.get (line 45, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
```python
        data = json.dumps(payload).encode("utf-8")
        headers["Content-Type"] = "application/json"
    req = urllib.request.Request(url, method=method, data=data, headers=headers)
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read())
```
Confidence
94% confidence
Finding
```python
with urllib.request.urlopen(req) as resp:
```

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill metadata declares required environment variables and outbound network access, but there is no explicit permissions declaration to make those capabilities visible to users and policy systems. This creates a transparency and governance gap: a caller may invoke the skill without realizing it can read secrets from the environment and send data off-box to an external API.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The documentation tells users to provide a bearer token and send requests to an external HTTPS service, but it does not clearly warn that user queries, dates, and filtering terms will be transmitted to that third-party API. In this skill's context the content is usually of low sensitivity, which reduces severity, but the omission still creates a privacy and informed-consent issue and could expose sensitive plans if users query topics such as weddings, moves, or business openings.

VirusTotal

64/64 vendors reported this skill as clean.