baidu qianfan agent chat

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Baidu Qianfan chat API helper. It sends data to Baidu's cloud as part of normal operation and reuses local session state, both of which users should understand before use.

Install only if you intend to send prompts, file references, metadata, and conversation context to Baidu Qianfan. Use a scoped Qianfan API key, verify the app_id you intend to use, avoid sensitive or regulated data unless approved, and use --new-session or remove state/session.json when switching contexts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares operational requirements showing access to environment variables, filesystem read/write, and network, but does not declare corresponding permissions. This creates a capability transparency gap: users and orchestrators may authorize or invoke the skill without understanding that it can read secrets like QIANFAN_API_KEY, persist conversation state locally, and send data to external services.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly instructs callers to send user queries, file identifiers, conversation identifiers, and optional end_user_id to a third-party cloud API, but provides no privacy notice, data handling warning, or guidance on minimizing sensitive data. In an agent skill context, this can cause operators to unknowingly transmit personal, confidential, or regulated data off-platform without user awareness or consent.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script transmits user prompts, optional file IDs, metadata filters, custom metadata, tool definitions, and tool outputs to a third-party remote API without any explicit privacy notice or confirmation at runtime. In an agent-skill context, this can cause users or upstream systems to unknowingly send sensitive data off-platform, especially because session continuity makes repeated transmission easy.

External Transmission

Medium
Category
Data Exfiltration
Content
### Basic request example

```bash
curl --location 'https://qianfan.baidubce.com/v2/app/conversation/runs' \
--header 'Authorization: Bearer <API Key>' \
--header 'Content-Type: application/json' \
--data '{
```

Confidence
92% confidence
Finding
curl --location 'https://qianfan.baidubce.com/v2/app/conversation/runs' \ --header 'Authorization: Bearer <API Key>' \ --header 'Content-Type: application/json' \ --data '{ "app_id": "85036d8f-239

VirusTotal

63/63 vendors flagged this skill as clean.