Meituan Consumer (C-end) User Agent Authentication Tool

Security checks across malware telemetry and agentic risk

Overview

The skill mostly performs Meituan login, but it stores reusable account tokens in shared local files and includes under-documented scheduled coupon automation, so it needs review before installation.

Install only if you trust the publisher and the downstream Meituan skills that may receive the token. Treat mt_auth_tokens.json as sensitive credential storage, use an isolated workspace where possible, avoid untrusted SKILL_CACHE_CLI_PATH or SKILL_CACHE_PYTHON values, and use both logout and clear-device-token when you want to remove persisted account state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The skill's token storage documentation is internally inconsistent: it states one default shared cache location, but the environment variable table names a different default path. For an authentication skill storing user_token and device_token, this can cause tokens to be written, read, or audited from the wrong file, leading to accidental exposure, stale-token reuse, failed logout semantics, or operators applying incorrect permissions/backup rules to the wrong location.

Intent-Code Divergence

High
Confidence: 88%
Finding
The file presents itself as an authentication utility, but it also contains unrelated automation logic for scheduled coupon claiming. This scope mismatch is dangerous because users and reviewers may grant trust or permissions appropriate for login only, while the code can also persist scheduling preferences and orchestrate automated actions on the user's behalf.

Context-Inappropriate Capability

High
Confidence: 93%
Finding
This authentication script includes cross-platform scheduling functionality that can create or facilitate recurring automated coupon-claiming tasks, which is unrelated to core auth handling. Embedding persistence and automation inside an auth component increases the risk of covert long-lived behavior and makes privilege boundaries unclear, especially because the returned schedule payloads are ready to be executed by an agent platform.

Missing User Warnings

Medium
Confidence: 87%
Finding
The document instructs persistent storage of authentication tokens in a predictable local file path and does not mention file permission hardening, encryption, rotation, or operational handling of sensitive auth data. In an agent context, this increases the risk of credential theft through local file disclosure, sandbox escape side effects, shared home directories, backups, logs, or accidental check-in of auth material.

VirusTotal

60/60 vendors flagged this skill as clean.
