龙虾教研日报助手

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it advertises, but its monthly report code can read and summarize coworkers' records from a shared Tencent Docs sheet.

Review this skill before installing in a real team. It is suitable only if you intentionally connect it to the specified Tencent Docs workspace and accept storing work-report data there. Ask the publisher to fix user-level filtering before using monthly read or summary features, restrict Tencent Docs sharing to approved users, and avoid broad editable access for sensitive attendance or project details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
`read_monthly_records` accepts a `user_record_id` parameter but never uses it when querying or filtering results, so `read` and `summary` can process every user's records for the requested month. In a daily-report skill handling work logs, leave notes, and overtime notes, this creates a real confidentiality breach because one user can access or summarize coworkers' sensitive attendance and work-content data.

Vague Triggers

Medium
Confidence: 85%
Finding
The example invocations are phrased like ordinary conversation about work, leave, and overtime, so the skill may activate on routine chat without the user clearly intending to invoke an automation that records data and writes to Tencent Docs. In this context, ambiguous activation is risky because it can cause unintended collection, storage, or submission of sensitive employee activity data.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill describes authorization and automatic writing of daily work reports to Tencent Docs without a clear upfront warning about what personal/work data will be transmitted, stored, and under whose access control. Because the content includes names, attendance, leave, overtime, and work details, missing privacy notice and consent boundaries can lead to unintended disclosure of employee data.

Missing User Warnings

Medium
Confidence: 92%
Finding
The deployment guide encourages sharing a Tencent Docs table containing team daily reports and explicitly grants collaborators edit access, but it does not warn about the sensitivity of work-report content or the risk of over-broad sharing. This can lead to unintended disclosure of employee activity, project details, or operational information to unauthorized users if the shared document or permissions are misconfigured.

VirusTotal

65/65 vendors flagged this skill as clean.