海关知识产权备案查询 (Customs IP Registration Lookup)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform the advertised customs IP lookup, but it automatically installs an unpinned browser automation dependency and stores query results locally, so users should review it before installing.

Install only if you are comfortable with the skill creating or using a Python environment, downloading nodriver at runtime from a public package index or mirror, opening Chrome to the customs site, and saving searched brand names plus results in a local CSV. Prefer a version that pins dependencies, asks before installing packages, narrows activation phrases, and offers cache opt-out or deletion controls.
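The controls the paragraph above asks for, written out as an added example (not the skill's code and not SkillSpector's): exact pins enforced by a regex, a hash-checked install through a requirements file (pip only accepts `--hash` there, not on the command line), a consent prompt before pip runs, no mirror fallback on failure, and a result cache that is off unless the user opts in and can be purged. The package name nodriver comes from the page; the version `0.0.0` and the all-zero sha256 are placeholders, and the `ask` and `runner` parameters exist so the demo runs without network access or a terminal.

```python
"""Hardened dependency and cache handling for a lookup skill (added example)."""
import csv
import re
import subprocess
import sys
import tempfile
from pathlib import Path
from typing import Callable, Iterable

# Assumed values: the page only says the skill installs "nodriver" unpinned.
# The version and the all-zero sha256 are placeholders, not real release data.
PINNED_SPEC = "nodriver==0.0.0"
PINNED_HASHES = ("sha256:" + "0" * 64,)

# Exact '==' pins only; ranges, bare names, extras and URLs do not match.
_PIN_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*==[0-9][A-Za-z0-9.+!-]*$")


def is_pinned(spec: str) -> bool:
    return _PIN_RE.match(spec.strip()) is not None


def requirements_line(spec: str, hashes: Iterable[str]) -> str:
    """One requirements-file line; pip accepts --hash only inside such a file."""
    hashes = list(hashes)
    if not is_pinned(spec):
        raise ValueError(f"refusing unpinned dependency: {spec!r}")
    if not hashes:
        raise ValueError("at least one --hash is required for --require-hashes")
    return " ".join([spec, *(f"--hash={h}" for h in hashes)])


def build_pip_args(req_file: Path, python: str = sys.executable) -> list:
    """pip argv that fails closed: hash-checked, wheels only, no transitive
    resolution, and no --index-url / mirror override."""
    return [python, "-m", "pip", "install", "--require-hashes", "--only-binary=:all:",
            "--no-deps", "--disable-pip-version-check", "-r", str(req_file)]


def _run_pip(args: list) -> int:
    return subprocess.run(args, capture_output=True, text=True, timeout=120).returncode


def install_with_consent(spec, hashes, workdir: Path, ask: Callable = input,
                         runner: Callable = _run_pip) -> bool:
    """Ask before touching the environment; on failure raise instead of retrying elsewhere."""
    if ask(f"Install {spec} into {sys.executable}? [y/N] ").strip().lower() not in ("y", "yes"):
        return False
    req = workdir / "requirements.lock"
    req.write_text(requirements_line(spec, hashes) + "\n", encoding="utf-8")
    if runner(build_pip_args(req)) != 0:
        raise RuntimeError(f"pip install of {spec} failed; no mirror fallback is attempted")
    return True


class ResultCache:
    """CSV of (brand, result) in the workspace: off unless opted in, purge() deletes it."""
    FIELDS = ("brand", "result")

    def __init__(self, path: Path, enabled: bool = False):
        self.path, self.enabled = path, enabled

    def record(self, brand: str, result: str) -> bool:
        if not self.enabled:
            return False
        new = not self.path.exists()
        with self.path.open("a", newline="", encoding="utf-8") as fh:
            writer = csv.writer(fh)
            if new:
                writer.writerow(self.FIELDS)
            writer.writerow([brand, result])
        return True

    def entries(self) -> list:
        if not self.path.exists():
            return []
        with self.path.open(newline="", encoding="utf-8") as fh:
            rows = csv.reader(fh)
            next(rows, None)  # header
            return [tuple(r) for r in rows]

    def purge(self) -> bool:
        if not self.path.exists():
            return False
        self.path.unlink()
        return True


def demo() -> dict:
    """Exercise every control offline: fake pip runner, throwaway directory."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        out["pinned"] = [is_pinned(s) for s in ("nodriver==0.0.0", "nodriver", "nodriver>=0.1")]
        out["req_line"] = requirements_line(PINNED_SPEC, PINNED_HASHES)
        out["declined"] = install_with_consent(PINNED_SPEC, PINNED_HASHES, work, lambda _: "n", lambda a: 0)
        out["accepted"] = install_with_consent(PINNED_SPEC, PINNED_HASHES, work, lambda _: "y", lambda a: 0)
        try:
            install_with_consent(PINNED_SPEC, PINNED_HASHES, work, lambda _: "y", lambda a: 1)
            out["failed_closed"] = False
        except RuntimeError:
            out["failed_closed"] = True
        cache = ResultCache(work / "customs_ipr_cache.csv")
        out["wrote_when_disabled"] = cache.record("ACME", "registered")
        cache.enabled = True
        cache.record("ACME", "registered")
        cache.record("Contoso", "not found")
        out["entries"] = cache.entries()
        out["purged"] = cache.purge()
        out["after_purge"] = cache.entries()
    return out
```

Running `demo()` shows the declined prompt leaving the environment untouched, the failed install raising rather than retrying through a mirror, and the cache refusing to write until the user enables it. The `--only-binary=:all:` flag is a deliberate choice: it prevents pip from executing a `setup.py` from whatever index answered.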

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    # Excerpt from the skill's installer (pip_args is built earlier and not shown here).
    print(json.dumps({"action": "install_deps", "mirror": mirror, "cmd": " ".join(pip_args)}))

    try:
        # Runs pip in a child process; which index serves the package depends on `mirror`.
        result = subprocess.run(pip_args, capture_output=True, text=True, timeout=120)
        if result.returncode == 0:
            return True
        elif not mirror:
            # Branch body not shown in the excerpt.
Confidence
84% confidence
Finding
result = subprocess.run(pip_args, capture_output=True, text=True, timeout=120)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Embedding virtualenv creation and online package installation in a skill that should only perform a records lookup materially increases attack surface and enables unreviewed code acquisition at runtime: the excerpt above runs pip through subprocess with a configurable mirror and takes a separate branch when no mirror was used, so what lands in the environment depends on whichever index answered and on whatever version that index currently serves for an unpinned name. In the context of an automation skill this is more dangerous because the agent may execute it with user trust and network access, turning a lookup task into an environment-modifying installer.
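How a finding of this kind can be derived mechanically, as an added example and not SkillSpector's own logic: an `ast` walk flags process-spawning calls, resolves a list-literal argv assigned earlier in the file (including later `+=` extensions), and reports pip installs, index/mirror flags and unpinned specs. `SAMPLE` is constructed to resemble the excerpt above; the page does not show how `pip_args` is built, so that part is an assumption, and the reported line numbers are those of the sample.

```python
"""AST scan for runtime package installation in an agent skill (added example)."""
import ast

# Calls that spawn a process or create an environment, as (module, attribute) pairs.
WATCHED_CALLS = {
    ("subprocess", "run"), ("subprocess", "call"), ("subprocess", "check_call"),
    ("subprocess", "check_output"), ("subprocess", "Popen"), ("os", "system"),
    ("venv", "create"),
}
# pip options that consume the following token, so that token is not a package spec.
VALUE_OPTS = {"-i", "--index-url", "--extra-index-url", "-r", "--requirement",
              "--trusted-host", "--find-links", "-f", "--target", "-t"}
INDEX_OPTS = {"-i", "--index-url", "--extra-index-url", "--find-links", "-f"}

# Constructed sample resembling the scanned excerpt; the real pip_args construction
# is not on the page, so this shape is an assumption made for the demo.
SAMPLE = '''
import subprocess, sys, json

def ensure_deps(mirror=None):
    pip_args = [sys.executable, "-m", "pip", "install", "nodriver"]
    if mirror:
        pip_args += ["-i", mirror]
    print(json.dumps({"action": "install_deps", "mirror": mirror}))
    result = subprocess.run(pip_args, capture_output=True, text=True, timeout=120)
    return result.returncode == 0
'''


def _strings(node: ast.List) -> list:
    """String constants in a list literal; non-literals such as sys.executable are skipped."""
    return [e.value for e in node.elts if isinstance(e, ast.Constant) and isinstance(e.value, str)]


def _collect_argv(tree: ast.AST) -> dict:
    """Minimal constant propagation: name -> strings from list assignments and +=,
    applied in source order so a later `pip_args += ["-i", mirror]` is seen."""
    argv = {}
    stmts = [n for n in ast.walk(tree) if isinstance(n, (ast.Assign, ast.AugAssign))]
    for n in sorted(stmts, key=lambda s: s.lineno):
        if not isinstance(n.value, ast.List):
            continue
        if isinstance(n, ast.Assign):
            for t in n.targets:
                if isinstance(t, ast.Name):
                    argv[t.id] = _strings(n.value)
        elif isinstance(n.target, ast.Name):
            argv.setdefault(n.target.id, []).extend(_strings(n.value))
    return argv


def _qualname(func):
    """(module, attr) for calls written as module.attr(...), else None."""
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return (func.value.id, func.attr)
    return None


def _unpinned(args: list) -> list:
    """Package specs after 'install' that lack an exact '==' pin."""
    specs, skip = [], False
    for tok in args[args.index("install") + 1:]:
        if skip:
            skip = False
        elif tok in VALUE_OPTS:
            skip = True
        elif not tok.startswith("-"):
            specs.append(tok)
    return [s for s in specs if "==" not in s]


def scan_skill(source: str) -> list:
    """Report every watched call with the argv it could resolve and what that argv does."""
    tree = ast.parse(source)
    argv_by_name = _collect_argv(tree)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        q = _qualname(node.func)
        if q not in WATCHED_CALLS:
            continue
        args = []
        if node.args:
            first = node.args[0]
            if isinstance(first, ast.List):
                args = _strings(first)
            elif isinstance(first, ast.Name):
                args = argv_by_name.get(first.id, [])
            elif isinstance(first, ast.Constant) and isinstance(first.value, str):
                args = first.value.split()  # os.system("pip install x") style
        pip_install = "pip" in args and "install" in args
        findings.append({
            "line": node.lineno,
            "call": ".".join(q),
            "argv": args,
            "pip_install": pip_install,
            "uses_index_flag": any(a in INDEX_OPTS for a in args),
            "creates_env": q == ("venv", "create") or "venv" in args,
            "unpinned": _unpinned(args) if pip_install else [],
        })
    return findings
```

On `SAMPLE` the scanner returns one finding for the `subprocess.run` call: a pip install, an index flag present, and `nodriver` unpinned. Anything that is not a string literal (the mirror URL, `sys.executable`) is dropped from the resolved argv, which is the usual limit of static resolution and the reason a scanner reports confidence rather than certainty.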

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrases are broad enough that the skill may activate in loosely related compliance or brand discussions, causing unexpected browser automation, network access, and local writes. Because this skill performs real-world external queries and caching, accidental invocation increases privacy and operational risk beyond a simple misrouting issue.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states that online query results are automatically written to a CSV in the workspace root, but it does not clearly warn the user that searched brand names and returned records will be stored locally. This can expose sensitive compliance investigations, customer data, or business intent to other tools, users, or later processes with workspace access.

VirusTotal

VirusTotal findings are pending for this skill version.
