ClawHub

YiMa StarEngine

Security checks across malware telemetry and agentic risk

Overview

The skill’s main purpose is understandable, but the package includes and normalizes plaintext session-cookie credentials for a real external business platform.

Review before installing. Do not use the bundled cookie; treat it as exposed, remove it, and rotate/revoke the corresponding account session. Only use least-privilege test credentials, keep config/buyin.json out of shared packages and version control, review generated reports for sensitive business or personal data, and ignore the unrelated urgent email instructions unless separately authorized.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (24)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises capabilities consistent with network access, local file reads, and report file writes, but the documentation does not declare permissions or make these effects explicit to users. This creates a transparency and consent problem: users may run a skill that accesses external APIs and writes local artifacts without understanding its operational scope.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This file contains operational instructions to send external escalation emails, including recipients, urgency cues, and attachment guidance, which is unrelated to the skill's stated purpose of influencer matching, analytics, and livestream script generation. In a skill package, such instructions can induce out-of-band actions and pressure users to disclose internal materials to third parties, increasing social-engineering and data-handling risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation promotes use of a real external API and generation of local reports, but it provides no warning about what data may be sent to the API, what data is stored locally, or where output files are written. In a business analytics skill handling influencer, product, and sales data, this omission increases the risk of unintended disclosure or unsafe handling of sensitive business information.

Missing User Warnings

High
Confidence
98% confidence
Finding
Referencing a 'real' Cookie credential file in the documented file structure normalizes storage of sensitive authentication material in a local config file without any security warning. If such a file is mishandled, committed to source control, or read by other processes, attackers could gain unauthorized access to the connected 巨量百应 account or related business data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly instructs users to place a real 巨量百应 API cookie into a local config file, but provides no warning that this cookie is a sensitive bearer credential that may grant access to account data and actions. In a skill that connects to a real external marketing platform and processes live business data, normalizing plaintext cookie storage without security guidance increases the chance of credential leakage through source control, package sharing, logs, backups, or multi-user workspaces.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation explicitly advertises real API access and a local config file containing a 'real' 巨量百应 Cookie, while also describing local report generation, but provides no warning about credential sensitivity, secure storage, access controls, or data-handling expectations. In a skill intended for broad reuse, this can normalize unsafe credential practices, lead users to store session cookies in plaintext, and expose commercial or personal data through local files and reports.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The skill documents one-click generation of live-stream sales scripts, including urgency and product-claim language, without any notice that generated copy should be reviewed for accuracy, compliance, and platform or advertising rules before external use. This increases the risk of misleading claims, false scarcity messaging, or non-compliant promotional content being published as-is.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document explicitly states that the skill uses real API access and that Buyin cookies are already configured, but it provides no warning about credential handling, account scope, privacy implications, or safe storage. In a skill package, this can normalize embedding live session material and may lead users to run the tool with sensitive account cookies without understanding the risk of account misuse, leakage, or unauthorized API actions.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation explicitly promotes use of real API data and a local configuration model, but provides no warning about handling sensitive business data, cookies, or personally identifiable influencer/activity information. In a skill centered on real external platform integration, this omission increases the chance that users will store, expose, or process production data insecurely.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The file structure explicitly documents a local config file containing a real 巨量百应 cookie, normalizing plaintext credential storage without any warning. Session cookies are effectively authentication secrets; if copied, committed, or leaked, they could enable unauthorized access to the linked platform account and associated business data.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The report explicitly directs users to locally stored JSON/CSV files containing detailed influencer data, but provides no privacy, retention, access-control, or downstream handling guidance. Even if the source data is obtained from a legitimate platform, exporting and redistributing contact-related datasets to local files increases the chance of unauthorized access, oversharing, or secondary misuse on the endpoint.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document explicitly instructs users to obtain raw browser cookies via developer tools and paste them into a local JSON file, but it does not warn that cookies are bearer credentials that can grant account access if exposed. This increases the risk of credential theft, accidental sharing, leakage through backups/logs, or compromise of the local workspace, especially because the guidance normalizes manual extraction and persistent storage of session tokens.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly states the skill uses a real Juluang Buyin API and that a Cookie is already configured, but it provides no warning about secret handling, account scope, privacy implications, or operational risk. In the context of an agent skill, this increases the chance that users run it with live production credentials without understanding that sensitive tokens and business data may be accessed, exposed, or misused.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The file list and report examples indicate the skill generates reports and writes output under an output directory, but the documentation does not warn users that business data may be persisted locally. This can lead to unintentional storage of sensitive analytics, influencer, or campaign data on disk where it may be retained, shared, or committed accidentally.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document explicitly instructs users to extract a live authenticated Cookie from the browser and paste it into `config/buyin.json`, but it does not warn that the Cookie is a sensitive credential equivalent to an active session token. This encourages insecure handling, storage, and possible accidental disclosure of account access, especially in a shared repo, logs, screenshots, or support attachments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guide explicitly tells users to extract the full session Cookie from browser developer tools and paste it into a local config file, but it does not warn that these cookies are bearer credentials that can grant account access if leaked. In the context of an e-commerce/creator-platform automation skill, normalizing manual collection and plain-text storage of active session tokens materially increases the chance of credential theft, accidental disclosure, or unsafe reuse.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The document explicitly states that a real external API is integrated and that a Cookie is already configured, but it provides no warning about credential sensitivity, storage, rotation, access control, or privacy implications. In the context of a distributable skill and contest submission materials, this can normalize unsafe handling of live credentials and may lead reviewers or downstream users to reuse embedded session tokens or connect the skill to production data without adequate safeguards.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide explicitly tells users to immediately send two emails with four attachments, but provides no warning to inspect those files for confidential, personal, or internal information before external disclosure. Because the attachments include full skill documentation, test reports, and submission records, this creates a realistic risk of unintended leakage of proprietary data, credentials, personal details, or internal workflow information.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The document exposes a specific local Windows path containing the username, which reveals host and account naming information without any privacy warning. While low severity on its own, this kind of system metadata can aid fingerprinting, targeted phishing, or accidental disclosure when screenshots, logs, or copied paths are shared externally.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document explicitly states the skill uses a real API and that a JuLiang Buyin cookie is already configured, but it provides no warning about secret handling, account scope, storage, or privacy implications. In this context, that is dangerous because users may run or distribute the skill with live session cookies, leading to credential leakage, unauthorized account access, or exposure of real business data.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The markdown describes report generation and identifies an output directory, but it does not warn users that generated reports and analytics artifacts are written to disk. This can cause unintended persistence of potentially sensitive business data, especially when the skill processes real API data and reports may remain on shared machines, build agents, or synced folders.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document explicitly states the skill uses a 'real API' and a 'real Cookie configuration' but provides no warning, handling guidance, or restriction around sensitive credentials. In the context of a distributable skill submission, this normalizes embedding or relying on live session cookies, which can lead to credential leakage, account takeover, privacy exposure, or unauthorized access if copied, logged, or shared.

Ssd 3

Medium
Confidence
99% confidence
Finding
This section instructs users to obtain complete authentication cookies after logging in and save them in a local JSON config file in plain text. Full session cookies often act as reusable authentication material, so storing them unencrypted in a predictable path can expose account access to local malware, other users on the machine, backups, logs, or accidental commits.

Ssd 3

Medium
Confidence
96% confidence
Finding
The repeated, detailed instructions to inspect browser traffic and copy the entire Cookie header normalize extraction of sensitive session material from authenticated requests. Repetition increases the likelihood that users will treat session cookies as routine configuration data rather than credentials, which is especially risky for a skill handling real platform accounts and business data.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal