企业AI应用诊断工具 (Enterprise AI Application Diagnostic Tool)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent enterprise AI diagnosis and report-generation skill, but users should treat the reports and questionnaire answers as sensitive business data.

Install only if you are comfortable entering business metrics into a local diagnostic tool. Review questionnaire answers and generated Markdown/HTML reports before sharing them, avoid secrets or regulated data, and check Feishu/document permissions if you export or send reports externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 83%
Finding: The skill appears to perform file-writing operations without declaring any permissions, which creates a transparency and consent gap. Even if the write is only for report export, undeclared filesystem access can surprise users, bypass policy review, and increase the risk of unauthorized data persistence.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding: The documented purpose presents the skill as a diagnosis/planning assistant, but the detected behavior includes local file generation, HTML report creation, CLI-style data collection, and external consultation/contact guidance that are not clearly disclosed. This mismatch is dangerous because users and reviewers may authorize the skill under incomplete assumptions, while it handles data and produces artifacts beyond the declared scope.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding: The tool creates a persistent directory under the user's workspace during initialization and is designed to store generated reports there. This expands behavior from advisory analysis into local data persistence, which can surprise users and increase privacy risk because enterprise inputs may contain sensitive business, staffing, revenue, and process information.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding: The save_report function writes generated diagnosis content to disk in a persistent workspace location. Because the report includes potentially sensitive enterprise details and implementation plans, unintended storage can create confidentiality and data-retention risks, especially on shared systems or when users do not expect files to be created.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding: The skill can generate and save HTML reports through an external helper, adding another persistent output path not reflected in the manifest. HTML output can increase exposure because rendered reports may be easier to share unintentionally, and external helper behavior is not visible here, which broadens the trust boundary.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding: The trigger phrase example is broad enough that ordinary enterprise-AI questions could invoke the skill unintentionally. In an agent environment, overbroad activation can cause the wrong skill to run, leading to inappropriate data collection, misleading business advice, or unnecessary execution of local scripts/tooling without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The trigger phrases are broad business-AI questions that many users could ask in ordinary conversation, making accidental invocation more likely. Unintended activation is risky here because the skill collects business information and may generate shareable outputs, so users may expose sensitive operational details without realizing a specialized workflow has started.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding: The example invocation uses a vague phrase that could match many exploratory user questions without clearly signaling that a structured diagnostic process will begin. In this skill's context, that can lead to unintentional collection of enterprise information and report generation before the user understands the workflow.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill states that it will collect enterprise information and export shareable reports but gives no privacy notice, retention policy, or warning about sensitive data handling. This is dangerous because users may provide confidential business, financial, staffing, or strategic information that could be stored or shared in reports without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: Collecting enterprise information through forms without a user-facing privacy warning creates a direct risk of over-collection of sensitive corporate data. Because forms often encourage structured disclosure, users may submit internal process details, budgets, customer information, or strategic plans that should not be entered into an unspecified external workflow.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The questionnaire solicits company-identifying information, operational metrics, budgets, tool usage, and business pain points, but provides no notice about how this sensitive business data will be stored, processed, shared, or protected. In an enterprise AI consulting context, this increases the risk of oversharing confidential information and can lead to privacy, confidentiality, or compliance issues if users submit proprietary details without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.