ClawHub

Double Color Ball

Security checks across malware telemetry and agentic risk

Overview

The skill’s lottery lookup behavior is mostly coherent, but it includes under-disclosed local credential/configuration scanning and unsafe networking choices that warrant review before installation.

Review or remove check_env.py before installing, and avoid running the skill in a workspace that contains secrets in .env, MEMORY.md, TOOLS.md, or OpenClaw config files. Treat the lottery data as unverified entertainment output, especially when network retrieval fails and simulated data may be used. The code also disables TLS certificate verification, so results could be tampered with in transit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The module header claims it uses a Baidu API for real-time lottery data, but the code actually scrapes Baidu search result pages and then falls back to guessed or randomly generated values when parsing fails. This is dangerous because it materially misrepresents provenance and accuracy, causing downstream users or agents to trust fabricated or stale output as authoritative real-time data.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The output statement says the skill uses Baidu real-time data as the primary source regardless of whether the actual result came from third-party APIs or fully simulated test data. This misleads users about the trustworthiness and freshness of the output and can hide that the displayed results are synthetic.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The fallback path fabricates random lottery results and formats them with recent-looking dates and issue numbers, which can be presented alongside real results as if they were legitimate draw history. In a lottery-results skill, this is dangerous because users are likely to rely on the output as factual, so fabricated data directly undermines integrity and can mislead decisions or downstream automation.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file header claims the script ensures latest real-time draw data, but the implementation can silently degrade to simulated results when network retrieval fails. This mismatch is security-relevant because it creates deceptive assurances about data authenticity and freshness, increasing the chance that users trust false information.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes very broad terms such as "彩票" and generic query phrases, which can cause the skill to activate for unrelated gambling or lottery discussions without clear user intent. Because this skill performs network-backed data retrieval and presents predictive content, unintended activation increases the chance of unnecessary external requests and incorrect routing of user queries.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
The statement that future 双色球 queries should automatically use this skill establishes a default override without explicit user opt-in. This is dangerous because it can silently force routing to a networked third-party-data skill, bypassing user choice and increasing the risk of unwanted execution, over-collection of query context, and lock-in to potentially inaccurate or manipulated results.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script enumerates credential-related environment variables and prints their presence and partial values to stdout. Even though the values are masked, exposing secret existence, suffixes, and PATH contents can leak sensitive operational details into logs or terminal history without user consent.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script opens sensitive files including .env, TOOLS.md, and MEMORY.md, searches for BAIDU-related content, and prints matching lines. This can disclose API keys, service endpoints, internal notes, or other secrets directly to stdout, creating a clear credential and configuration exposure risk.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The code explicitly disables TLS certificate validation and hostname checking for HTTPS requests. This allows a man-in-the-middle attacker to intercept or modify lottery data in transit, causing the script to trust attacker-controlled content and produce falsified output.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
print("\n1. 检查环境变量:")
important_vars = ['BAIDU_AK', 'BAIDU_API_KEY', 'BAIDU_SEARCH_KEY', 'PATH']
for key in important_vars:
    val = os.environ.get(key)
    if val:
        if 'KEY' in key or 'AK' in key:
            # 隐藏API密钥
Confidence
96% confidence
Finding
os.environ.get(key

Credential Access

High
Category
Privilege Escalation
Content
search_paths = [
    r"C:\Users\duyun\.openclaw\workspace\TOOLS.md",
    r"C:\Users\duyun\.openclaw\workspace\MEMORY.md",
    r"C:\Users\duyun\.openclaw\workspace\.env",
    r"C:\Users\duyun\.openclaw\.env"
]
Confidence
97% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
r"C:\Users\duyun\.openclaw\workspace\TOOLS.md",
    r"C:\Users\duyun\.openclaw\workspace\MEMORY.md",
    r"C:\Users\duyun\.openclaw\workspace\.env",
    r"C:\Users\duyun\.openclaw\.env"
]

for path in search_paths:
Confidence
97% confidence
Finding
.env"

VirusTotal

No VirusTotal findings

View on VirusTotal