ClawHub

ai-redaction

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its redaction purpose, but it needs Review because it uploads sensitive files externally and persistently logs task URLs that include credential-derived data.

Install only if you are comfortable sending files, filenames, and redaction instructions to BestCoffer. Use a limited-scope API key, avoid highly sensitive documents until the publisher clarifies URL credential handling and debug logging, and consider deleting the local ai-redaction log files after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (15)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The '强制规则' section says the agent must not reply with API key, file ID, status, or logs, implying operational/status details should not be exposed. But later sections direct the agent to return a query link for checking progress/downloads and provide audit information, which contradicts the earlier stated intent to withhold status-related information.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
No manifest is available, so the skill has no stated purpose that would justify writing persistent logs under the user's home directory/temp directory or reading API credentials from environment variables. The code logs operational details to local files and falls back to process.env for API keys, which are materially sensitive capabilities beyond a minimally justified unknown-purpose baseline.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
With no manifest description, there is no stated purpose that justifies transmitting local file contents to https://openapi4ai.bestcoffer.com.cn/ via multipart upload. This is a strong external-data-transfer capability, and in the absence of declared intent it is context-inappropriate for an unknown-purpose skill.

Vague Triggers

High
Confidence
97% confidence
Finding
The manifest trigger list contains generic words such as “敏感信息”, “涂黑”, “脱敏”, “打码”, “屏蔽”, “遮盖”, and “黑掉”, which commonly appear in ordinary conversation outside this specific skill context. The file also claims broad fuzzy matching and comprehensive coverage, increasing the chance that normal user requests will unintentionally activate the skill.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger section states that it 'fully covers global high-frequency natural dialogue' and supports fuzzy matching, then enumerates a very wide range of industry phrases and colloquial utterances. This does not clearly define when the skill should not activate, making invocation boundaries ambiguous for a markdown/manifest file.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The description says uploaded files are processed and a result link is returned, but it does not clearly warn at the point of description that user files and instructions are sent to BestCoffer for processing. Although the document later mentions encrypted handling, the markdown lacks an upfront disclosure that external processing occurs and returns a hosted query/download URL.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
At L4, the skill reads API credentials from multiple environment variables and then transmits data to an external service, but the code only emits operational logs and error messages. There is no confirmation prompt, explicit disclosure comment, or docstring warning that the skill consumes sensitive credentials from the environment and sends user files to a remote API.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
Multiple user-facing strings at L4, including API key guidance and runtime error messages, are written only in Chinese. This enforces a specific language for user interaction without any visible opt-in, fallback, or documented locale constraint, which matches the language-policy violation criteria.

Hidden Instructions

High
Category
Prompt Injection
Content
---
name: ai-redaction
description: 一款专为个人用户设计的智能文件脱敏工具,强调纯个人独立模式。支持通过自然语言指令,脱敏用户上传的文件,对 PDF、Word、图片等多种格式的文件进行快速、精准、安全的隐私信息处理。处理完成后返回查询链接,可查看处理进度和下载结果
author: LianWei
Confidence
60% confidence
Finding
Hidden instructions were detected in comments or invisible text. These could contain malicious directives. Manual review is recommended.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
"use strict";var __getOwnPropNames=Object.getOwnPropertyNames,__commonJS=(d,p)=>function(){return p||(0,d[__getOwnPropNames(d)[0]])((p={exports:{}}).exports,p),p.exports},require_delayed_stream=__commonJS({"node_modules/delayed-stream/lib/delayed_stream.js"(d,p){var i=require("stream").Stream,r=require("util");p.exports=c;function c(){this.source=null,this.dataSize=0,this.maxDataSize=1024*1024,this.pauseStream=!0,this._maxDataSizeExceeded=!1,this._released=!1,this._bufferedEvents=[]}r.inherits(c,i),c.create=function(s,n){var m=new this;n=n||{};for(var v in n)m[v]=n[v];m.source=s;var b=s.emit;return s.emit=function(){return m._handleEmit(arguments),b.apply(s,arguments)},s.on("error",function(){}),m.pauseStream&&s.pause(),m},Object.defineProperty(c.prototype,"readable",{configurable:!0,enumerable:!0,get:function(){return this.source.readable}}),c.prototype.setEncoding=function(){return this.source.setEncoding.apply(this.source,arguments)},c.prototype.resume=function(){this._released||this.release(),this.source.resume()},c.prototype.pause=function(){this.source.pause()},c.prototype.release=function(){this._released=!0,this._bufferedEvents.forEach(function(s){this.emit.apply(this,s)}.bind(this)),this._bufferedEvents=[]},c.prototype.pipe=function(){var s=i.prototype.pipe.apply(this,arguments);return this.resume(),s},c.prototype._handleEmit=function(s){if(this._released){this.emit.apply(this,s);return}s[0]==="data"&&(this.dataSize+=s[1].length,this._checkIfMaxDataSizeExceeded()),this._bufferedEvents.push(s)},c.prototype._checkIfMaxDataSizeExceeded=function(){if(!this._maxDataSizeExceeded&&!(this.dataSize<=this.maxDataSize)){this._maxDataSizeExceeded=!0;var s="DelayedStream#maxDataSize of "+this.maxDataSize+" bytes exceeded.";this.emit("error",new Error(s))}}}}),require_combined_stream=__commonJS({"node_modules/combined-stream/lib/combined_stream.js"(d,p){var i=require("util"),r=require("stream").Stream,c=require_delayed_stream();p.exports=s;function s(){this.writable=!1,t
...[truncated 28 chars]
Confidence
95% confidence
Finding
rms+xml":{source:"iana",compressible:!0},"application/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
"use strict";var __getOwnPropNames=Object.getOwnPropertyNames,__commonJS=(d,p)=>function(){return p||(0,d[__getOwnPropNames(d)[0]])((p={exports:{}}).exports,p),p.exports},require_delayed_stream=__commonJS({"node_modules/delayed-stream/lib/delayed_stream.js"(d,p){var i=require("stream").Stream,r=require("util");p.exports=c;function c(){this.source=null,this.dataSize=0,this.maxDataSize=1024*1024,this.pauseStream=!0,this._maxDataSizeExceeded=!1,this._released=!1,this._bufferedEvents=[]}r.inherits(c,i),c.create=function(s,n){var m=new this;n=n||{};for(var v in n)m[v]=n[v];m.source=s;var b=s.emit;return s.emit=function(){return m._handleEmit(arguments),b.apply(s,arguments)},s.on("error",function(){}),m.pauseStream&&s.pause(),m},Object.defineProperty(c.prototype,"readable",{configurable:!0,enumerable:!0,get:function(){return this.source.readable}}),c.prototype.setEncoding=function(){return this.source.setEncoding.apply(this.source,arguments)},c.prototype.resume=function(){this._released||this.release(),this.source.resume()},c.prototype.pause=function(){this.source.pause()},c.prototype.release=function(){this._released=!0,this._bufferedEvents.forEach(function(s){this.emit.apply(this,s)}.bind(this)),this._bufferedEvents=[]},c.prototype.pipe=function(){var s=i.prototype.pipe.apply(this,arguments);return this.resume(),s},c.prototype._handleEmit=function(s){if(this._released){this.emit.apply(this,s);return}s[0]==="data"&&(this.dataSize+=s[1].length,this._checkIfMaxDataSizeExceeded()),this._bufferedEvents.push(s)},c.prototype._checkIfMaxDataSizeExceeded=function(){if(!this._maxDataSizeExceeded&&!(this.dataSize<=this.maxDataSize)){this._maxDataSizeExceeded=!0;var s="DelayedStream#maxDataSize of "+this.maxDataSize+" bytes exceeded.";this.emit("error",new Error(s))}}}}),require_combined_stream=__commonJS({"node_modules/combined-stream/lib/combined_stream.js"(d,p){var i=require("util"),r=require("stream").Stream,c=require_delayed_stream();p.exports=s;function s(){this.writable=!1,t
...[truncated 28 chars]
Confidence
95% confidence
Finding
rms":{source:"iana",extensions:["rms"]},"application/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
"use strict";var __getOwnPropNames=Object.getOwnPropertyNames,__commonJS=(d,p)=>function(){return p||(0,d[__getOwnPropNames(d)[0]])((p={exports:{}}).exports,p),p.exports},require_delayed_stream=__commonJS({"node_modules/delayed-stream/lib/delayed_stream.js"(d,p){var i=require("stream").Stream,r=require("util");p.exports=c;function c(){this.source=null,this.dataSize=0,this.maxDataSize=1024*1024,this.pauseStream=!0,this._maxDataSizeExceeded=!1,this._released=!1,this._bufferedEvents=[]}r.inherits(c,i),c.create=function(s,n){var m=new this;n=n||{};for(var v in n)m[v]=n[v];m.source=s;var b=s.emit;return s.emit=function(){return m._handleEmit(arguments),b.apply(s,arguments)},s.on("error",function(){}),m.pauseStream&&s.pause(),m},Object.defineProperty(c.prototype,"readable",{configurable:!0,enumerable:!0,get:function(){return this.source.readable}}),c.prototype.setEncoding=function(){return this.source.setEncoding.apply(this.source,arguments)},c.prototype.resume=function(){this._released||this.release(),this.source.resume()},c.prototype.pause=function(){this.source.pause()},c.prototype.release=function(){this._released=!0,this._bufferedEvents.forEach(function(s){this.emit.apply(this,s)}.bind(this)),this._bufferedEvents=[]},c.prototype.pipe=function(){var s=i.prototype.pipe.apply(this,arguments);return this.resume(),s},c.prototype._handleEmit=function(s){if(this._released){this.emit.apply(this,s);return}s[0]==="data"&&(this.dataSize+=s[1].length,this._checkIfMaxDataSizeExceeded()),this._bufferedEvents.push(s)},c.prototype._checkIfMaxDataSizeExceeded=function(){if(!this._maxDataSizeExceeded&&!(this.dataSize<=this.maxDataSize)){this._maxDataSizeExceeded=!0;var s="DelayedStream#maxDataSize of "+this.maxDataSize+" bytes exceeded.";this.emit("error",new Error(s))}}}}),require_combined_stream=__commonJS({"node_modules/combined-stream/lib/combined_stream.js"(d,p){var i=require("util"),r=require("stream").Stream,c=require_delayed_stream();p.exports=s;function s(){this.writable=!1,t
...[truncated 28 chars]
Confidence
95% confidence
Finding
rm"]},"application/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
"use strict";var __getOwnPropNames=Object.getOwnPropertyNames,__commonJS=(d,p)=>function(){return p||(0,d[__getOwnPropNames(d)[0]])((p={exports:{}}).exports,p),p.exports},require_delayed_stream=__commonJS({"node_modules/delayed-stream/lib/delayed_stream.js"(d,p){var i=require("stream").Stream,r=require("util");p.exports=c;function c(){this.source=null,this.dataSize=0,this.maxDataSize=1024*1024,this.pauseStream=!0,this._maxDataSizeExceeded=!1,this._released=!1,this._bufferedEvents=[]}r.inherits(c,i),c.create=function(s,n){var m=new this;n=n||{};for(var v in n)m[v]=n[v];m.source=s;var b=s.emit;return s.emit=function(){return m._handleEmit(arguments),b.apply(s,arguments)},s.on("error",function(){}),m.pauseStream&&s.pause(),m},Object.defineProperty(c.prototype,"readable",{configurable:!0,enumerable:!0,get:function(){return this.source.readable}}),c.prototype.setEncoding=function(){return this.source.setEncoding.apply(this.source,arguments)},c.prototype.resume=function(){this._released||this.release(),this.source.resume()},c.prototype.pause=function(){this.source.pause()},c.prototype.release=function(){this._released=!0,this._bufferedEvents.forEach(function(s){this.emit.apply(this,s)}.bind(this)),this._bufferedEvents=[]},c.prototype.pipe=function(){var s=i.prototype.pipe.apply(this,arguments);return this.resume(),s},c.prototype._handleEmit=function(s){if(this._released){this.emit.apply(this,s);return}s[0]==="data"&&(this.dataSize+=s[1].length,this._checkIfMaxDataSizeExceeded()),this._bufferedEvents.push(s)},c.prototype._checkIfMaxDataSizeExceeded=function(){if(!this._maxDataSizeExceeded&&!(this.dataSize<=this.maxDataSize)){this._maxDataSizeExceeded=!0;var s="DelayedStream#maxDataSize of "+this.maxDataSize+" bytes exceeded.";this.emit("error",new Error(s))}}}}),require_combined_stream=__commonJS({"node_modules/combined-stream/lib/combined_stream.js"(d,p){var i=require("util"),r=require("stream").Stream,c=require_delayed_stream();p.exports=s;function s(){this.writable=!1,t
...[truncated 28 chars]
Confidence
95% confidence
Finding
rmvb"]},"application/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
"use strict";var __getOwnPropNames=Object.getOwnPropertyNames,__commonJS=(d,p)=>function(){return p||(0,d[__getOwnPropNames(d)[0]])((p={exports:{}}).exports,p),p.exports},require_delayed_stream=__commonJS({"node_modules/delayed-stream/lib/delayed_stream.js"(d,p){var i=require("stream").Stream,r=require("util");p.exports=c;function c(){this.source=null,this.dataSize=0,this.maxDataSize=1024*1024,this.pauseStream=!0,this._maxDataSizeExceeded=!1,this._released=!1,this._bufferedEvents=[]}r.inherits(c,i),c.create=function(s,n){var m=new this;n=n||{};for(var v in n)m[v]=n[v];m.source=s;var b=s.emit;return s.emit=function(){return m._handleEmit(arguments),b.apply(s,arguments)},s.on("error",function(){}),m.pauseStream&&s.pause(),m},Object.defineProperty(c.prototype,"readable",{configurable:!0,enumerable:!0,get:function(){return this.source.readable}}),c.prototype.setEncoding=function(){return this.source.setEncoding.apply(this.source,arguments)},c.prototype.resume=function(){this._released||this.release(),this.source.resume()},c.prototype.pause=function(){this.source.pause()},c.prototype.release=function(){this._released=!0,this._bufferedEvents.forEach(function(s){this.emit.apply(this,s)}.bind(this)),this._bufferedEvents=[]},c.prototype.pipe=function(){var s=i.prototype.pipe.apply(this,arguments);return this.resume(),s},c.prototype._handleEmit=function(s){if(this._released){this.emit.apply(this,s);return}s[0]==="data"&&(this.dataSize+=s[1].length,this._checkIfMaxDataSizeExceeded()),this._bufferedEvents.push(s)},c.prototype._checkIfMaxDataSizeExceeded=function(){if(!this._maxDataSizeExceeded&&!(this.dataSize<=this.maxDataSize)){this._maxDataSizeExceeded=!0;var s="DelayedStream#maxDataSize of "+this.maxDataSize+" bytes exceeded.";this.emit("error",new Error(s))}}}}),require_combined_stream=__commonJS({"node_modules/combined-stream/lib/combined_stream.js"(d,p){var i=require("util"),r=require("stream").Stream,c=require_delayed_stream();p.exports=s;function s(){this.writable=!1,t
...[truncated 28 chars]
Confidence
95% confidence
Finding
rmi"]},"audio/mobile-xmf":{source:"iana",extensions:["mxmf"]},"audio/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
"use strict";var __getOwnPropNames=Object.getOwnPropertyNames,__commonJS=(d,p)=>function(){return p||(0,d[__getOwnPropNames(d)[0]])((p={exports:{}}).exports,p),p.exports},require_delayed_stream=__commonJS({"node_modules/delayed-stream/lib/delayed_stream.js"(d,p){var i=require("stream").Stream,r=require("util");p.exports=c;function c(){this.source=null,this.dataSize=0,this.maxDataSize=1024*1024,this.pauseStream=!0,this._maxDataSizeExceeded=!1,this._released=!1,this._bufferedEvents=[]}r.inherits(c,i),c.create=function(s,n){var m=new this;n=n||{};for(var v in n)m[v]=n[v];m.source=s;var b=s.emit;return s.emit=function(){return m._handleEmit(arguments),b.apply(s,arguments)},s.on("error",function(){}),m.pauseStream&&s.pause(),m},Object.defineProperty(c.prototype,"readable",{configurable:!0,enumerable:!0,get:function(){return this.source.readable}}),c.prototype.setEncoding=function(){return this.source.setEncoding.apply(this.source,arguments)},c.prototype.resume=function(){this._released||this.release(),this.source.resume()},c.prototype.pause=function(){this.source.pause()},c.prototype.release=function(){this._released=!0,this._bufferedEvents.forEach(function(s){this.emit.apply(this,s)}.bind(this)),this._bufferedEvents=[]},c.prototype.pipe=function(){var s=i.prototype.pipe.apply(this,arguments);return this.resume(),s},c.prototype._handleEmit=function(s){if(this._released){this.emit.apply(this,s);return}s[0]==="data"&&(this.dataSize+=s[1].length,this._checkIfMaxDataSizeExceeded()),this._bufferedEvents.push(s)},c.prototype._checkIfMaxDataSizeExceeded=function(){if(!this._maxDataSizeExceeded&&!(this.dataSize<=this.maxDataSize)){this._maxDataSizeExceeded=!0;var s="DelayedStream#maxDataSize of "+this.maxDataSize+" bytes exceeded.";this.emit("error",new Error(s))}}}}),require_combined_stream=__commonJS({"node_modules/combined-stream/lib/combined_stream.js"(d,p){var i=require("util"),r=require("stream").Stream,c=require_delayed_stream();p.exports=s;function s(){this.writable=!1,t
...[truncated 28 chars]
Confidence
95% confidence
Finding
rmp"]},"audio/x-realaudio":{source:"nginx",extensions:["ra"]},"audio/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal