Oil Price Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill’s core scraper/notifier purpose is plausible, but the reported extra CLI, caching, subprocess behavior, and unclear Feishu delivery create enough under-disclosure to require review before installation.

Review the SKILL.md and scripts before installing. Confirm exactly what commands it runs, where it stores caches, whether it actually sends Feishu messages, and what credentials or webhooks it needs. Prefer installing only after dependencies are pinned to safe versions and the notification and scheduling behavior is documented clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill advertises operational capabilities that imply network access, local file access, file writing, and shell/subprocess use, but it declares no permissions. This creates a transparency and sandboxing problem: users or a host platform cannot accurately assess or restrict what the skill may do, increasing the risk of unintended filesystem access, command execution, or outbound communication.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The documented behavior does not match the described purpose: the skill appears to maintain caches, precompute schedules, invoke a subprocess, and expose additional CLI modes, and it does not actually implement Feishu notification delivery as claimed. This mismatch is dangerous because reviewers and users may approve or trust the skill based on an incomplete understanding of its real behavior, masking extra attack surface and undermining informed consent.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
requests>=2.28.0
beautifulsoup4>=4.11.0
lxml>=4.9.0
Confidence: 93%
Finding: requests>=2.28.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
requests>=2.28.0
beautifulsoup4>=4.11.0
lxml>=4.9.0
Confidence: 92%
Finding: beautifulsoup4>=4.11.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
requests>=2.28.0
beautifulsoup4>=4.11.0
lxml>=4.9.0
Confidence: 94%
Finding: lxml>=4.9.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

Severity: High
Category: Supply Chain
Confidence: 89%
Finding: requests

Known Vulnerable Dependency: lxml — 10 advisory(ies): CVE-2021-43818 (lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through); CVE-2014-3146 (lxml Cross-site Scripting Via Control Characters); CVE-2021-28957 (lxml vulnerable to Cross-Site Scripting ) +7 more

Severity: High
Category: Supply Chain
Confidence: 88%
Finding: lxml

VirusTotal

63/63 vendors flagged this skill as clean.
