Aiwencai

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed financial-data lookup tool that sends queries to iwencai using the user's API key, with privacy caveats but no evidence of hidden or destructive behavior.

Install only if you trust the publisher and are comfortable sending financial queries to iwencai/Tonghuashun. Keep IWENCAI_API_KEY in a secret or environment variable, avoid putting account numbers, personal identifiers, or confidential portfolio details in queries, and verify important financial results against trusted sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to invoke a Python CLI that uses both network access and an environment-sourced API key, but the skill does not declare corresponding permissions. This creates a trust and policy gap: operators may approve the skill without understanding that it can exfiltrate prompts or make external requests using sensitive credentials.

Vague Triggers

Severity
Medium
Confidence
85% confidence
Finding
The trigger condition says the skill 'must' be used for a very broad class of financial questions, which can cause over-triggering and route ordinary user prompts to an external financial API unnecessarily. In this context, misrouting increases the chance that sensitive or proprietary user queries are sent off-platform without clear need, creating privacy and data-minimization risk.

Missing User Warnings

Severity
Medium
Confidence
96% confidence
Finding
The document instructs the system to send raw user queries and an API credential to a third-party endpoint, but provides no requirement for user notice, consent, or minimization of sensitive content. In a financial domain, user prompts may contain portfolio details, account-related context, or other sensitive information, so silent external transmission creates a meaningful privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.