ClawHub

A股新债申购助手

Security checks across malware telemetry and agentic risk

Overview

This stock reminder skill mostly matches its stated purpose, but it asks for more Feishu access than the code appears to use and makes unsupported safety/certification claims.

Install only if you are comfortable with automated Feishu notifications. Use a dedicated low-privilege Feishu bot or webhook, avoid providing table read/write tokens unless you have reviewed why they are needed, keep credentials out of source control, and treat the skill's self-stated certification claims as unverified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The script repeatedly claims it is "100% safe/compliant" and presents trust-signaling language such as "ClawHub合规认证" while also transmitting user-specific results to an external Feishu webhook. Even if the webhook use is intended functionality, the undisclosed outbound transmission and exaggerated safety claims can mislead reviewers and users about the skill's actual data flows and trust boundaries.

Intent-Code Divergence

Low
Confidence
79% confidence
Finding
The code labels both sources as "official API" and later states "仅使用官方API," but the Jisilu endpoint is only treated as a fixed HTTPS endpoint with no evidence of official authorization or contractual API status. This is primarily a trust and transparency issue: inaccurate provenance claims can cause users to rely on data handling and legitimacy assumptions that are not actually established.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The README advertises scheduled execution, Feishu message delivery, and table writes, but it does not prominently warn users that data will be transmitted to external Feishu endpoints on an ongoing automated basis. This can lead to unintended outbound data sharing or persistent automated actions if a user deploys the skill without fully understanding its behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to configure sensitive credentials such as a Feishu webhook, access token, app token, and table ID, but it does not include any warning about secret handling, storage, rotation, or preventing accidental disclosure. In a skill intended for automation and publication, this omission increases the risk that users will paste secrets into insecure locations, commit them to source control, or expose them through logs and shared environments.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documentation states that it will automatically initialize Feishu tables, update table status, and push reminder messages, but it does not clearly warn users that the skill can modify external systems and send outbound notifications on their behalf. This can lead to unintended data changes, spam, or operational side effects if a user enables the skill without understanding its write capabilities and scheduling behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal