Hydraulic Pump

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support a real hydraulic-pump calculation workflow, but it sends design details to a third-party service and uses reusable output/session links without clear user consent or scoping.

Review before installing. Do not enter confidential pump designs, dimensions, customer data, or proprietary filenames unless you are comfortable sending them to jixietools.com and sharing results through guest-style links. The skill should add an explicit external-data disclosure, narrow its triggers, fix the category mismatch, and clarify whether generated links or filename tokens expire or require authorization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill declares the hydraulic pump category ID as 12, but the actual listing request uses category_id=8. This mismatch can cause the agent to fetch and present the wrong product set, leading users to submit design parameters to an unintended workflow or external endpoint under false assumptions.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger phrases include very generic wording such as '做一个液压泵' (roughly "make a hydraulic pump") and similar common requests, which can cause accidental invocation in broader conversations. Unintended activation is risky here because the skill collects user-supplied engineering parameters and transmits them to an external service without prior disclosure.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill does not warn users that entered design parameters will be sent to a third-party service and that resulting production sheets are accessible through guest links. This creates a meaningful confidentiality risk because mechanical design data, dimensions, and filenames/guest codes may expose sensitive proprietary information.

External Transmission

Medium
Category: Data Exfiltration
Content
- **Parameters with options_source** (dropdown option type):
  First run a preliminary calculation to fetch the dropdown options:
  ```bash
  curl -s -X POST "https://jixietools.com/api/v1/products/PRODUCT_ID/calculate" \
    -H "Content-Type: application/json" \
    -d '{"inputs": {"有选项的参数名": ""}}'
  ```
Confidence: 95%
Finding
```bash
curl -s -X POST "https://jixietools.com/api/v1/products/PRODUCT_ID/calculate" \
  -H "Content-Type: application/json" \
  -d '{"inputs": {"有选项的参数名": ""}}'
```
Extract the option list from the returned `dropdowns` and present it to the user to choose from.

External Transmission

Medium
Category: Data Exfiltration
Content
1. Collect the names of the parameters to modify and their new values
2. Build an **incremental request**: include only the changed parameters plus the filename:
   ```bash
   curl -s -X POST "https://jixietools.com/api/v1/products/PRODUCT_ID/calculate" \
     -H "Content-Type: application/json" \
     -d '{"inputs": {"修改的参数名": "新值"}, "filename": "之前保存的filename"}'
   ```
Confidence: 97%
Finding
```bash
curl -s -X POST "https://jixietools.com/api/v1/products/PRODUCT_ID/calculate" \
  -H "Content-Type: application/json" \
  -d '{"inputs": {"修改的参数名": "新值"}, "filename": "之前保存的filename"}'
```
3.

VirusTotal

64/64 vendors flagged this skill as clean.
