Real Estate Project Preliminary Product Strategy Report (地产项目前期产策报告)

Security checks across malware telemetry and agentic risk

Overview

This real-estate strategy skill is mostly coherent, but it needs review because it proactively searches the web with potentially sensitive project context and writes reports to a hard-coded local path with weak filename controls.

Install only if you are comfortable with the agent using web search for project research. Do not include confidential parcel names, deal terms, or internal strategy in search queries unless you approve that exposure. Before running the Python report script, change the output directory to a location you choose and use simple project names without path characters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill advertises file-generating behavior such as Word, PPT, HTML, and PDF output, which implies file-write capability, but no explicit permission declaration is present. Undeclared write capabilities reduce transparency and can lead to unexpected local artifact creation, especially if downstream scripts write to fixed paths or overwrite files.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill's stated purpose is strategic real-estate analysis, but the analyzed behavior includes local file writing, limited template generation, and unsupported claims about implemented outputs and analysis depth. This mismatch is dangerous because users may trust the skill with sensitive project data under false assumptions about what it does, while hidden side effects like local writes expand the attack surface.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger condition is broad enough that mentioning only a project name plus city activates the skill, which increases the chance of accidental invocation. In this context, accidental activation can cause unintended web lookups, processing of sensitive commercial project information, or file-generation workflows without sufficiently informed user intent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill states it will proactively use web search to supplement project information, but it does not warn users that project identifiers, locations, or other sensitive business context may be transmitted to external services. For pre-investment real-estate strategy work, this context may include confidential land parcels, development plans, or competitive positioning, making silent network access more sensitive than in a generic research skill.

Missing User Warnings

Low
Confidence
72% confidence
Finding
The skill describes generating Word, PPT, HTML, and PDF outputs without warning that these formats may create persistent local files or converted artifacts. While not inherently malicious, this can surprise users, leave sensitive reports on disk, or create extra copies during format conversion that are harder to track or delete.

VirusTotal

67/67 vendors flagged this skill as clean.
