Wojiayun Work Order

Security checks across malware telemetry and agentic risk

Overview

This Wojiayun API skill mostly matches its stated purpose, but it includes under-disclosed credential and data-handling risks that should be reviewed before use.

Install only if you trust the publisher and have a scoped Wojiayun API key. Do not use the bundled default-key helper, treat local key/token/config files and generated SQL exports as sensitive business data, avoid changing the base URL, and review any action that creates work orders, uploads files, switches projects, or exports inventory data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding
The module claims to securely store and manage API keys, but it includes a built-in initializer that writes a hardcoded API key into the local key store. Embedding secrets in source code is a real credential exposure risk because anyone with repository, package, or artifact access can recover and misuse the key, and the "secure storage" claim may cause operators to trust the module more than warranted.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The code describes the whitelist as the set of interfaces that are safe to call, but it includes state-changing operations such as file upload, work order creation, and project switching. In an agent-skill context, a whitelist is often treated as a trust boundary, so allowing write-capable endpoints increases the chance of unintended or unauthorized external actions despite the presence of a blacklist for a few equipment-management routes.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill automatically enumerates and retrieves all equipment records over the network without any explicit notice, confirmation, or scope limitation. In an agent setting, this can cause unintended bulk collection of potentially sensitive asset inventory data, increasing privacy and operational exposure even when the API token is valid.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The export function writes the full fetched equipment dataset to a SQL file on disk with no warning, confirmation, classification, or protection of potentially sensitive inventory fields. This creates a durable local copy that may be easier to exfiltrate, mishandle, or ingest into other systems than the original transient API response.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
The function `init_default_key()` silently stores a hardcoded API key without any prompt, warning, or environmental guardrail. If invoked during setup, testing, or by another module, it can seed a real secret into the system and normalize use of an embedded credential, leading to unauthorized API usage, billing abuse, or downstream compromise if the key has broad privileges.

Missing User Warnings

Severity: Medium
Confidence: 76%
Finding
Changing the mode to production implicitly triggers a build/obfuscation operation as a hidden side effect, and all exceptions are silently suppressed. In an agent skill context, undisclosed build or code-transformation behavior is risky because it can unexpectedly modify artifacts, hinder reviewability, and mask failures or abuse under the guise of a simple configuration change.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The client sends HTTP requests with caller-supplied headers, including authorization tokens, and can automatically refresh tokens and retry requests without any user-visible disclosure or approval at the call site. In an agent environment, this can cause silent transmission of credentials and user data to a remote service, making misuse or overreach harder for the user to detect.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The code sends the API key as a query parameter in an outbound HTTP request. Query parameters are commonly logged by client libraries, proxies, web servers, and monitoring systems, which can expose the credential even if HTTPS is used; this file also provides no validation that base_url is restricted to a trusted HTTPS endpoint.

VirusTotal

VirusTotal findings are pending for this skill version.
