CompanyInformation

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate company-news monitoring skill, but its API-key handling and default data persistence need review before use.

Review before installing. Do not paste a FEEDAX API key into chat or agent memory; prefer a scoped environment variable or a local secret store with restricted access. Use `--no-output` for sensitive searches, avoid passing API keys on the command line, and do not send credentials unless you have verified that the provider supports a secure HTTPS endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The instruction telling the user to provide the API key '以便我记住' ('so that I can remember it') encourages the assistant to collect and retain a secret in chat, which is outside the core purpose of querying company news. This creates a credential harvesting and retention risk because conversational channels are not appropriate secret storage and may be logged or exposed.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The skill directs the agent to run shell commands that inspect local files like `.env` and then execute a CLI. Those actions exceed a simple information-lookup description and introduce access to local secrets and host resources, which broadens the attack surface if the skill is triggered unexpectedly or on shared systems.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The README states that CSV and Markdown files containing article content, summaries, URLs, and related company metadata are generated by default, but it does not prominently warn that potentially sensitive or regulated query results will be written to local disk unless users explicitly disable output. This can lead to unintended persistence of collected intelligence on shared workstations, CI runners, or managed endpoints, increasing exposure through backups, endpoint indexing, and unauthorized local access.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The README recommends passing the API key directly on the command line and storing it in a config file without warning about exposure risks. Command-line secrets can leak via shell history, process listings, logs, and screenshots, while plaintext config files may be accidentally committed or left with weak permissions.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill says all returned data will be automatically written to CSV and Markdown files without requiring explicit user approval or clearly warning that data will be persisted locally. Automatic disk persistence can expose sensitive query history, downloaded content, or proprietary results to other users/processes on the machine.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The script sends company queries and the API key to an endpoint over plain HTTP (`http://221.6.15.90:18011`). This exposes the request body, query parameters, and authentication material to interception or modification by any on-path attacker, which is especially risky for potentially sensitive corporate monitoring queries.

Ssd 3

Severity: High
Confidence: 99%
Finding
Asking the user to disclose an API key in chat so the assistant can 'remember it' is a direct sensitive-data handling flaw. Secrets shared in conversational interfaces may be logged, retained, reused improperly, or exposed to operators/integrations, making credential compromise plausible.

Ssd 3

Severity: High
Confidence: 99%
Finding
The workflow repeats the pattern of prompting the user to supply the API key for the assistant to remember, reinforcing insecure credential collection and retention. Repetition in the operational steps makes misuse more likely and normalizes handling secrets outside approved secret-management paths.

VirusTotal

59/59 vendors flagged this skill as clean.