Security audit

Double Color Ball Prediction Skill V3.6

Security checks across malware telemetry and agentic risk

Overview

This skill mostly contains an offline lottery predictor, but its package mixes V3.6 and V2.15 identities and includes unrelated publishing automation that could publish the wrong skill if run.

Install only if you are comfortable with an offline lottery predictor reading your local lottery database. Review the package carefully first: remove or ignore the V2.15 publishing scripts and publish guides, verify which prediction script the platform will run, and do not place ClawHub tokens into shell environments from these docs unless you understand the exposure risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The publishing guide instructs the operator to publish and inspect a different skill name/version (`lottery-predictor-v2.15`) than the stated skill under review (`lottery-predictor-v3.6`). This can cause an unintended package to be published, inspected, or monetized, leading to release confusion, accidental exposure of the wrong artifact, and loss of integrity in the deployment process.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The published report references a different skill name, display name, version, ID, path, and link (V2.15) than the declared artifact under review (lottery-predictor-v3.6). This kind of identity/version mismatch can cause reviewers or users to validate, install, or trust the wrong artifact, weakening traceability and enabling accidental supply-chain confusion or deliberate substitution to go unnoticed.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The file is an automated publication script embedded in a skill whose stated purpose is lottery prediction, which is a clear mismatch between declared functionality and shipped behavior. Even if it does not directly execute destructive actions, bundling deployment automation creates unnecessary supply-chain and operational risk because the skill can facilitate publishing activity unrelated to end-user prediction features and may expose local paths, logs, and release workflows.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The script claims to belong to the current V3.6 lottery predictor, but actually publishes a different skill/version and slug (V2.15), indicating deceptive or at least dangerously inconsistent release behavior. This can cause accidental publication of stale or unintended artifacts, confuse reviewers, and enable supply-chain mistakes where users receive a different package than the one being assessed.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide instructs users to place a ClawHub API token directly into an environment variable without any warning about token sensitivity, shell history exposure, process inheritance, or secure storage. In a real operator environment, this can lead to credential leakage through terminal logs, screenshots, shared shells, CI output, or other local processes, enabling unauthorized publishing or account actions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The example trigger phrases are broad enough that ordinary user conversation about lottery predictions could unintentionally invoke the skill. This can cause unexpected tool execution, access to the configured local lottery database, and user confusion about why a gambling-related skill activated without explicit consent.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The invocation examples use ambiguous natural-language requests that overlap with normal chat, increasing the risk of accidental activation. In this context, accidental activation is more concerning because the skill is tied to gambling-style recommendations and local database access, so users may trigger predictions or record lookups without clearly intending to run a tool.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.