Hot Tender Mining Assistant (热门标讯挖掘助手) by Huobiaowang (火标网)

Security checks across malware telemetry and agentic risk

Overview

This skill is documentation-only (it ships instructions rather than executable code) and discloses its external dependency up front, but following those instructions makes the agent send business queries to an external provider and return sensitive contact-style business data.

Install it only if you trust the Huobiaowang/Zhiliaobiaoxun API provider and are comfortable giving it a ZLBX_API_KEY. Treat company contact results as sensitive business contact data, and, when precision matters, have the agent confirm which matched headquarters, subsidiaries or affiliates it intends to include before it runs broad company analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns checked
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: Medium (96% confidence)
Finding: The manifest frames the skill as a narrow market-trend analysis assistant, but the body documents a much broader intelligence toolkit including company profiling, contact lookup, competitor analysis, and supplier recommendation. This scope mismatch can mislead users, policy layers, and tool-routing systems into authorizing or invoking capabilities that collect more sensitive commercial or personal data than expected.

Context-Inappropriate Capability

Severity: Medium (94% confidence)
Finding: The company contact lookup feature is not necessary for the stated purpose of market heat and concentration analysis, yet it enables retrieval of potentially sensitive contact information tied to individuals or business roles. In this context, the mismatch raises the risk of unauthorized surveillance, targeted outreach, or misuse of personal/business contact data under the guise of market analytics.

Description-Behavior Mismatch

Severity: Medium (93% confidence)
Finding: The documented APIs go well beyond the skill's stated purpose of market heat and concentration analysis and include company profiling, partner mapping, competitor analysis, potential bidder recommendation, and contact lookup. This scope expansion increases the chance of collecting and using sensitive business intelligence in ways users did not reasonably expect from the manifest, creating over-privileged data access and purpose-misalignment risk.

Context-Inappropriate Capability

Severity: High (97% confidence)
Finding: The get_company_contacts capability enables lookup of project contact information, including names, masked phone numbers, publication history, and bid links, which is not necessary for trend mining or market concentration analysis. Even partially masked contact data can facilitate profiling, targeting, or downstream social-engineering workflows, making this materially more sensitive than the skill's stated use case suggests.

Missing User Warnings

Severity: Medium (93% confidence)
Finding: The skill instructs the agent to read an API key from environment/config and send requests to an external service, but it does not warn that user prompts, company names, or query terms will be transmitted off-platform. This creates a data-handling transparency issue and increases the chance of sending sensitive business research or identifiers to a third party without informed user consent.

Missing User Warnings

Severity: Medium (90% confidence)
Finding: The documentation explicitly instructs the agent to automatically expand a user-supplied company name to all matching headquarters and subsidiaries and to run follow-on queries without confirmation. This can silently broaden the dataset, analyze additional entities the user did not clearly request, and transmit more company data than necessary, which is a data minimization and transparency failure.
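The two "Missing User Warnings" findings and the contact-lookup finding describe three controls a host can put in front of a skill like this: hold back matched affiliates until the user confirms them, strip person-identifying contact fields when the stated purpose is market analysis, and tell the user exactly which identifiers are about to leave the platform. The following is an added illustration of such a guardrail layer; it is not code from the skill, the scanner, or the API provider. The entity-match and contact record shapes, the `purpose` values, the `relation` field, and every function name are assumptions, and the sample records are constructed; only the ZLBX_API_KEY environment variable name comes from the page.

```python
import os
from dataclasses import dataclass

# Constructed sample data. The real Huobiaowang/Zhiliaobiaoxun API response
# shapes are not documented on this page, so these records are assumptions
# used only to exercise the guardrail logic offline.
SAMPLE_MATCHES = [
    {"name": "示例集团有限公司", "relation": "headquarters"},
    {"name": "示例集团（华东）有限公司", "relation": "subsidiary"},
    {"name": "示例科技有限公司", "relation": "affiliate"},
]
SAMPLE_CONTACTS = [
    {"name": "王某", "phone": "138****1234", "role": "项目联系人",
     "published": 12, "bid_link": "https://example.invalid/bid/1"},
    {"name": "李某", "phone": "139****5678", "role": "采购经办人",
     "published": 3, "bid_link": "https://example.invalid/bid/2"},
]

# Fields that identify a person or lead straight to them; even a masked
# phone number is retained only when the user explicitly asked for contacts.
CONTACT_FIELDS = ("name", "phone", "bid_link")


@dataclass(frozen=True)
class ScopePlan:
    query_terms: tuple   # entity names that would leave the platform now
    held_back: tuple     # matched entities waiting for user confirmation

    def needs_confirmation(self) -> bool:
        return bool(self.held_back)


def plan_company_scope(user_company, matches, confirmed=()):
    """Allow only the entity the user named plus affiliates the user has
    explicitly confirmed; every other headquarters/subsidiary match is held
    back instead of being expanded automatically."""
    confirmed = set(confirmed)
    allowed, held = [], []
    for m in matches:
        name = m["name"]
        if name == user_company or name in confirmed:
            allowed.append(name)
        else:
            held.append(name)
    return ScopePlan(tuple(allowed), tuple(held))


def minimize_contacts(records, purpose):
    """Keep person-identifying fields only for an explicit contact lookup;
    market-heat or concentration analysis gets role-level fields only."""
    if purpose == "contact_lookup":
        return [dict(r) for r in records]
    return [{k: v for k, v in r.items() if k not in CONTACT_FIELDS}
            for r in records]


def load_api_key(env=None):
    """Read ZLBX_API_KEY from the environment and fail closed if it is absent;
    the key is never accepted inline from a prompt."""
    env = os.environ if env is None else env
    key = env.get("ZLBX_API_KEY")
    if not key:
        raise RuntimeError("ZLBX_API_KEY is not set; refusing to send queries")
    return key


def build_outbound_plan(user_company, matches, purpose, confirmed=(), env=None):
    """Assemble what would be sent to the provider together with the
    disclosure the user must see before anything leaves the platform."""
    load_api_key(env)  # check credentials before building any request
    scope = plan_company_scope(user_company, matches, confirmed)
    disclosure = ("The following identifiers will be sent to the external "
                  "provider: " + (", ".join(scope.query_terms) or "(none)") + ".")
    if scope.needs_confirmation():
        disclosure += (" Matched but NOT queried until you confirm: "
                       + ", ".join(scope.held_back) + ".")
    return {"queries": list(scope.query_terms),
            "held_back": list(scope.held_back),
            "purpose": purpose,
            "disclosure": disclosure}


if __name__ == "__main__":
    plan = build_outbound_plan("示例集团有限公司", SAMPLE_MATCHES, "market_heat",
                               env={"ZLBX_API_KEY": "dummy-for-demo"})
    print(plan["disclosure"])
    print(minimize_contacts(SAMPLE_CONTACTS, plan["purpose"]))
```

The confirmation gate is deliberately name-based rather than relation-based: a user who wants the East China subsidiary included passes that exact name back, so the agent cannot widen the scope by reinterpreting "headquarters and subsidiaries" on its own. The disclosure string is returned rather than printed so the host can surface it in whatever consent UI it uses before the request is actually sent.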

VirusTotal

65/65 vendors reported this skill as clean.