Dianping Query Moss

Security checks across malware telemetry and agentic risk

Overview

This is a restaurant lookup skill, but it asks the agent to use a named Dianping account and potentially handle phone/SMS login while forcing a Hangzhou location workaround.

Review before installing. Use this only if you intentionally want Dianping searches scoped around Hangzhou and are comfortable with the agent using the named Dianping account. Do not paste SMS codes or credentials into chat; complete any login directly in Dianping's own UI and confirm the city/account context before browsing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding:
The skill hard-codes use of a specific logged-in account ('一定S') and a fixed regional context without user opt-in or an opportunity to choose a different account or locale. This can cause actions and data retrieval to occur under the wrong identity or jurisdictional context, creating privacy, consent, and account-misuse risks.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill instructs the agent to use a specific authenticated Dianping account to collect restaurant information, but it does not include a user-facing warning that browsing and queries may occur under that account and may expose account state, location assumptions, or activity history. The additional guidance to 'bypass' location behavior via URL parameters increases concern because it encourages operating around account context rather than transparently obtaining user consent.

VirusTotal

66/66 vendors flagged this skill as clean.
