ClawHub

Yufluentcn Comp Scrape

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud client for competitor CSV/API-snapshot analysis, with no artifact evidence of hidden persistence, destructive behavior, or automatic data theft.

Install only if you are comfortable sending the provided competitor CSV/API snapshot and optional listing text to Yufluent for cloud processing. Keep TOKENAPI_KEY private, avoid including secrets or personal data in the uploaded inputs, and do not set TOKENAPI_BASE_URL unless you trust that endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Tainted flow: 'url' from os.getenv (line 107, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
url = skill_run_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""), skill_id)
    try:
        resp = requests.post(
            url,
            json=payload,
            headers={
Confidence
92% confidence
Finding
resp = requests.post( url, json=payload, headers={ "Authorization": f"Bearer {key}", "Accept": "application/json",

Tainted flow: 'url' from os.getenv (line 107, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
url = agent_outcomes_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""))
    try:
        resp = requests.post(
            url,
            json=payload,
            headers={
Confidence
92% confidence
Finding
resp = requests.post( url, json=payload, headers={ "Authorization": f"Bearer {key}", "Accept": "application/json",

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The module implements an additional outcome-reporting capability that is not clearly reflected in the stated comparison/export purpose. Undocumented telemetry or side-channel reporting increases data exposure risk because payloads and credentials may be transmitted to an external service without user expectation or necessity for the advertised function.

Vague Triggers

Medium
Confidence
72% confidence
Finding
The trigger phrase "competitor batch" is generic and may match ordinary user requests outside the intended constrained workflow. Overly broad activation can cause the agent to invoke a networked third-party skill unexpectedly, increasing the chance of unintended data transfer or workflow hijacking.

Vague Triggers

Medium
Confidence
70% confidence
Finding
The phrase "这些竞品帮我分析" is broad and resembles a common natural-language request that many unrelated conversations could contain. In an agent environment, such vague triggers can lead to accidental invocation of a remote skill and unnecessary exposure of user data to the external service.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends user-supplied product names, competitor CSV/export contents, and optionally listing text to a remote cloud API via run_skill(), but this file does not present any explicit notice, confirmation, or redaction step before transmission. Because the data may include proprietary business intelligence or third-party export data, silent cloud transmission creates a real privacy and data-handling risk even if the stated skill purpose is cloud-based analysis.

Missing User Warnings

Medium
Confidence
75% confidence
Finding
The function transmits user-provided payload data and a bearer token to an external endpoint without any in-code disclosure, consent gate, or visible restriction on destination. In a skill handling competitor exports or snapshots, that can lead to unexpected external sharing of sensitive business data, especially when the endpoint is configurable.

Missing User Warnings

Medium
Confidence
74% confidence
Finding
Outcome recording sends data and the bearer token to an external service without explicit disclosure, and this telemetry-like path is even less obvious than the primary skill execution call. Hidden or insufficiently disclosed reporting is risky because users may not expect operational or result data to leave the immediate task context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal