Chinese Lunar Calendar Lookup

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed external lunar-calendar lookup tool, with the main caution that it uses an API token and includes some broader Huangli-style search/filter features.

Install only if you trust nongli.skill.4glz.com with the dates or keywords you query and with the API token used for quota/authentication. Use a dedicated, revocable HUANGLI_TOKEN, avoid putting the token in chats or logs, and do not change HUANGLI_BASE away from the official HTTPS API unless you trust the replacement endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Tainted flow: 'req' from os.environ.get (line 45, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
        data = json.dumps(payload).encode("utf-8")
        headers["Content-Type"] = "application/json"
    req = urllib.request.Request(url, method=method, data=data, headers=headers)
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read())
Confidence
95% confidence
Finding
with urllib.request.urlopen(req) as resp:

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The skill claims to be a narrow date-conversion tool, but the detected behavior suggests broader Huangli querying, keyword search, activity filtering, and batch retrieval from an external API. This mismatch is dangerous because users and policy systems may grant trust, tokens, or routing decisions based on the narrower description while the skill actually accesses broader data and performs more expansive network-backed operations.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill is presented as a simple lunar date conversion/query tool, yet the reference requires authentication tokens and remote API endpoints, meaning user requests and credentials are sent to an external service. This expands the trust boundary significantly and can expose sensitive prompts, usage metadata, or tokens to a third party without that risk being clearly reflected in the skill's stated purpose.

Description-Behavior Mismatch

High
Confidence
91% confidence
Finding
The implementation materially exceeds the stated skill purpose by providing Huangli, activity filtering, and search capabilities instead of only lunar date conversion. This scope mismatch is dangerous because it can cause the agent to invoke undeclared functionality, expanding data flows and user-impacting behavior beyond what operators and users expect.

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
The module docstring and CLI explicitly present the file as a Huangli toolkit, which contradicts the narrower manifest description. This documentation mismatch increases the likelihood of unsafe deployment and operator misunderstanding, making it easier for broader-than-approved functionality to be used unnoticed.

Context-Inappropriate Capability

High
Confidence
92% confidence
Finding
The search and activity-filter features enable date discovery and recommendation-like behavior that goes beyond straightforward conversion. In this skill context, that is more dangerous because the manifest says users needing Huangli/jixiong should use a different skill, so this file effectively bypasses intended capability separation and policy boundaries.

VirusTotal

65/65 vendors flagged this skill as clean.
