Lottery Prediction (彩票预测) V2.15

Security checks across malware telemetry and agentic risk

Overview

The lottery predictor mostly matches its purpose, but it ships unrelated publishing automation that could use a user’s ClawHub account if run.

Install only if you intend to use a local lottery-history database and can avoid the publishing materials. Do not run auto_publish.sh or set CLAWHUB_TOKEN for this package unless you are deliberately publishing it from your own account. Keep LOTTERY_DB_PATH pointed at a dedicated lottery database, not personal SQLite files, and treat the predictions as entertainment rather than reliable financial guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

High
Confidence: 94%
Finding
The script performs automated publishing of the skill to an external distribution mechanism, which is materially outside the declared lottery-prediction functionality. Embedding deployment behavior in a user-facing skill increases the risk of unauthorized release, accidental propagation of unsafe updates, and abuse of any available publisher credentials on the host.

Context-Inappropriate Capability

High
Confidence: 95%
Finding
This file includes release/deployment capability unrelated to lottery prediction, allowing the skill to trigger outward-facing publication actions rather than just local computation. In the context of a prediction tool, that scope mismatch makes the behavior more suspicious and dangerous because it can be leveraged to publish unreviewed or malicious content using the operator's environment and trust context.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The script exposes both the SQLite database path and the table name through CLI arguments, then interpolates the table name directly into SQL. This gives the tool broader local data-access capability than its stated lottery-only purpose and can be abused to read arbitrary SQLite files and query unintended tables if an attacker can influence invocation parameters.

Missing User Warnings

Medium
Confidence: 96%
Finding
The guide instructs users to create an API token and place it directly into an environment variable without any warning about token secrecy, shell history exposure, terminal logging, or safer handling practices. In a publishing workflow, this can lead to credential leakage through copied commands, shared shell history, screenshots, CI logs, or persisted shell profiles, enabling unauthorized access to the user's ClawHub account.

Vague Triggers

Medium
Confidence: 78%
Finding
The example trigger phrases are broad everyday requests such as asking to predict the next lottery issue, which may cause accidental activation without clear boundaries. Ambiguous invocation increases the chance the skill runs in unintended contexts, which becomes more dangerous if the skill has hidden side effects or accesses local resources like the configured database path.

VirusTotal

64/64 vendors flagged this skill as clean.
