小蜜蜂数字营销

Security checks across malware telemetry and agentic risk

Overview

This Tradebee skill is mostly purpose-aligned, but it can change or delete business content and stores sensitive local backup files that users should review carefully.

Install only if you trust this publisher with your Tradebee API key and with the ability to read, create, update, and delete Tradebee business data. Before using update actions, make sure users explicitly approve both the API change and the local backup file, and plan how to protect or delete backup files that may contain customer inquiries, visitor telemetry, product data, SEO content, or other sensitive business records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Description-Behavior Mismatch
Severity: Medium (93% confidence)
Finding: The skill documentation is internally inconsistent about backup behavior: the parent metadata says updates create a local JSON backup file, while this file initially describes only an in-memory restore payload and later states that sensitive data is written locally. That mismatch is dangerous because operators and calling agents may underestimate persistence and data-handling risk, causing unapproved local storage of business content and backup artifacts.

Intent-Code Divergence
Severity: Medium (96% confidence)
Finding: The top-level description says the skill builds a minimal in-memory restore payload, but later sections say it writes a local JSON backup file containing sensitive business data. This inconsistency can mislead users and higher-level orchestrators about where sensitive data resides, increasing the chance of unauthorized persistence, accidental disclosure, or policy noncompliance.

Description-Behavior Mismatch
Severity: Medium (84% confidence)
Finding: The manifest presents the skill as performing statistical analysis and producing a structured report, but it actually defines a broad inquiry-record retrieval interface that can return privacy-sensitive fields such as contact details, IP addresses, message content, and attachment URLs. This mismatch is dangerous because an agent may invoke it under the lower-risk mental model of "analysis" while unintentionally collecting or exposing raw personal data, increasing the chance of overcollection, unauthorized disclosure, or improper downstream handling.

Context-Inappropriate Capability
Severity: Medium (94% confidence)
Finding: The module writes full pre-update backup bundles to local disk, including raw API responses, snapshots, requested update payloads, restore payloads, and confirmation summaries that may contain sensitive business or personal data. Persisting this data unencrypted in a predictable local backups directory increases the risk of data exposure through local compromise, shared runtime environments, accidental inclusion in logs/artifacts, or backup retention beyond necessity.

Vague Triggers
Severity: Medium (83% confidence)
Finding: The trigger phrases include generic verbs like "show," "check," "find," and "read" in patterns that can overlap with ordinary user requests. In an agentic environment, overly broad routing can cause the skill to activate on ambiguous prompts and send business data to the external Tradebee API when the user did not clearly intend that integration.

Vague Triggers
Severity: Medium (90% confidence)
Finding: The skill instructs the agent to infer the target object type from generic nouns, which weakens activation boundaries and increases the chance of misrouting. That can lead to unintended reads, updates, or deletes against Tradebee records based on ambiguous conversational wording rather than explicit user authorization.

Ssd 3
Severity: Medium (96% confidence)
Finding: The skill mandates writing raw read responses, snapshots, requested update payloads, and restore payloads to local JSON backups and returning them in responses. Because the covered objects include inquiries, visitors, and business content, this creates a substantial risk of over-collection, local retention of sensitive data, and accidental disclosure through logs, tool output, or later compromise of local storage.

Ssd 3
Severity: Medium (97% confidence)
Finding: The skill explicitly instructs writing local backup files that may contain sensitive business data from the current blog record and the requested update payload, and also returning backup metadata and raw read data in the response. That expands the exposure surface beyond the API call itself, creating avoidable risks of local data leakage, over-retention, and disclosure through logs, downstream tools, or other agents with filesystem access.

VirusTotal

VirusTotal findings are pending for this skill version.