Jingchuan Weather Forecast (泾川天气预报)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a narrow weather skill, but it uses weak network security when fetching forecasts.

Before installing, be aware that the skill may contact a weather API automatically for Jingchuan-related weather requests, and its current transport handling could allow inaccurate or tampered forecast data on an untrusted network. Prefer an updated version that uses normal HTTPS certificate validation, removes HTTP fallback, and declares the exact network endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill documentation describes calling an external weather API, which is a network capability, but no corresponding permission declaration is present. This creates a transparency and policy-enforcement gap: users or the platform may not realize the skill performs outbound requests, and permission controls cannot be applied reliably.

Intent-Code Divergence

Low
Confidence: 98%
Finding
The code explicitly disables TLS certificate validation and hostname checking before fetching weather data over HTTPS. This allows a man-in-the-middle attacker to intercept or alter the API response, and the subsequent HTTP fallback further weakens transport security by permitting fully unencrypted retrieval.

Vague Triggers

Medium
Confidence: 83%
Finding
The description says the skill auto-triggers on '泾川天气' or similar content, which broadens activation beyond the enumerated trigger phrases. Ambiguous matching can cause the skill to activate unexpectedly on loosely related user input, leading to unintended network calls or user confusion about why the skill ran.

VirusTotal

No VirusTotal findings
