Yufluentcn Review Intel

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a review-analysis integration, but it sends review text and bearer-token-authenticated requests to a configurable remote endpoint without enough scoping or user-facing consent.

Review this skill carefully before installing. It should only be used if you are comfortable sending review text and product details to the Yufluent API, and you should verify that TOKENAPI_BASE_URL points to the intended HTTPS service before any run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Tainted flow: 'url' from os.getenv (line 107, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
url = skill_run_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""), skill_id)
try:
    resp = requests.post(
        url,
        json=payload,
        headers={
Confidence
89% confidence
Finding
resp = requests.post( url, json=payload, headers={ "Authorization": f"Bearer {key}", "Accept": "application/json",

Tainted flow: 'url' from os.getenv (line 107, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
url = agent_outcomes_url(base_url or os.getenv("TOKENAPI_BASE_URL", ""))
try:
    resp = requests.post(
        url,
        json=payload,
        headers={
Confidence
89% confidence
Finding
resp = requests.post( url, json=payload, headers={ "Authorization": f"Bearer {key}", "Accept": "application/json",

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger phrases are very broad, generic requests such as '分析这些评论' ("analyze these reviews") and '差评原因' ("reasons for negative reviews") that are likely to overlap with ordinary user prompts. In agent ecosystems that auto-select skills by trigger text, this can cause unintended invocation of this cloud-connected skill, potentially sending user-provided review content to the external Yufluent service without clear user intent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script sends user-supplied review text and optional product information to a remote cloud API via run_skill() without any explicit user-facing disclosure or confirmation at the point of transfer. Because review text may contain personal, confidential, or regulated data, silent outbound transmission creates a real privacy and compliance risk, especially in a thin-client skill whose primary function is remote processing.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
Confidence
94% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
78% confidence
Finding
requests

VirusTotal

65/65 vendors flagged this skill as clean.
