Yufluent Clawhub Publish Yufluentcn Compliance Guard

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud compliance helper that sends user-provided trade/compliance questions to Yufluent using an API key, with no evidence of hidden persistence, destructive actions, or credential theft.

Install only if you are comfortable sending product, market, tariff, and compliance details to Yufluent’s cloud service under your TOKENAPI_KEY. Leave TOKENAPI_BASE_URL unset or set it only to a trusted endpoint, and treat the output as a reference that needs human verification against official rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

Tainted flow: 'url' from os.getenv (line 271, credential/environment) → requests.post (network output)

Severity: Critical
Category: Data Flow
Confidence: 94%

Content (excerpt from the scanned skill source):

    }
        if body is not None:
            kwargs["json"] = body
        return requests.post(url, **kwargs)


    def _raise_for_status(resp: requests.Response) -> None:

Finding (the flagged statement): return requests.post(url, **kwargs)

Description-Behavior Mismatch

Severity: Medium
Confidence: 83%

Finding: `record_outcome` sends arbitrary payload data to a separate telemetry-style endpoint unrelated to the core compliance-response path. In a compliance skill, users may provide product, trade, or business-sensitive information; forwarding additional outcome data without strong minimization and explicit disclosure creates a privacy and data-governance risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 79%

Finding: The fallback path broadens execution from a narrow `/skills/{id}/run` call to the generic `/agent/turn` orchestration API with `web_fast` enabled. That expands the reachable behavior surface and may permit web-assisted or agent-mediated actions beyond the intended constrained compliance skill, especially when the direct route fails.

Vague Triggers

Severity: Medium
Confidence: 76%

Finding: The trigger phrases include broad terms like “HS 编码” (HS code), “CE 认证” (CE certification), and “platform rules”, which can appear in ordinary conversation and cause unintended invocation. In an agent environment, overbroad triggers can route user content to an external service unexpectedly, increasing privacy leakage and confusing tool-use behavior.

Missing User Warnings

Severity: Medium
Confidence: 76%

Finding: Unlike the primary skill execution path, outcome recording is ancillary telemetry and may transmit data users do not expect to be sent after the main task completes. In a compliance/trade context this can expose commercially sensitive metadata or workflow details, making the lack of explicit disclosure and minimization materially riskier.

VirusTotal

65/65 vendors flagged this skill as clean.
