Yufluent Clawhub Publish Yufluentcn Ecommerce Listing

Security checks across malware telemetry and agentic risk

Overview

This listing generator is mostly coherent, but it needs review because it sends a sensitive Yufluent token and product data to a configurable API endpoint and can silently fall back to a broader agent endpoint.

Install only if you trust Yufluent/changzhiai with your product data and tk-* token. Set TOKENAPI_BASE_URL only to the intended Yufluent endpoint, avoid committing or sharing TOKENAPI_KEY or .env files, and understand that server errors can cause the client to retry through /agent/turn rather than only the narrower listing endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tainted flow: 'url' from os.getenv (line 271, credential/environment) → requests.post (network output)

Critical
Category: Data Flow
Content
}
    if body is not None:
        kwargs["json"] = body
    return requests.post(url, **kwargs)


def _raise_for_status(resp: requests.Response) -> None:
Confidence: 90%
Finding
return requests.post(url, **kwargs)

Missing User Warnings

Medium
Confidence: 91%
Finding
The README instructs users to export and reuse a `tk-*` API token, and explicitly states that OpenClaw conversation and `run.py` share the same credential, but it does not warn that the token is sensitive, should be scoped minimally, or must not be logged, committed, or shared. In a hosted or multi-tool environment, shared credentials increase the blast radius of accidental disclosure or misuse because compromise of one interface can expose access across both chat and skill execution paths.

Missing User Warnings

Medium
Confidence: 82%
Finding
The skill instructs users to set TOKENAPI_KEY and even suggests writing it to a .env file, but it does not warn users to keep the secret out of source control, logs, screenshots, or shared artifacts. In agent and developer workflows, missing secret-handling guidance materially increases the chance of accidental credential exposure.

Missing User Warnings

Medium
Confidence: 78%
Finding
On certain server errors, the client silently falls back from the narrow /skills/*/run endpoint to /agent/turn, which sends the payload embedded in a natural-language message plus session metadata to a broader orchestration endpoint. This changes the data recipient and processing path without explicit caller opt-in, increasing privacy and scope-of-processing risk, especially in a skill context where users may expect constrained execution.

Unpinned Dependencies

Low
Category: Supply Chain
Content
requests>=2.31.0
Confidence: 97%
Finding
requests>=2.31.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category: Supply Chain
Confidence: 93%
Finding
requests

VirusTotal

65/65 vendors flagged this skill as clean.
