Ora Customs Data Analysis Expert

Security checks across malware telemetry and agentic risk

Overview

This trade-data skill is mostly coherent, but it needs review because it stores and reuses a local API key and sends it to its service through scripted requests.

Review before installing. Use this skill only if you trust the Ora Trade service and its `h.smtso.com` API endpoint with your API key. Be aware that it directs the agent to store the key on disk, read it repeatedly, and send it with service queries; remove or revoke that key if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding:
The skill instructs the agent to read an API key from a local user file and to persist user-supplied keys to disk for later reuse. This creates a clear secret-handling vulnerability because the skill normalizes accessing local sensitive material and storing credentials outside explicit user consent and least-privilege controls.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill tells the agent to read a local API key file and send its contents in outbound headers without any visible disclosure or consent flow. In an agent environment, that is dangerous because it quietly converts local secret material into network-transmitted data under skill control.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The startup workflow explicitly directs the agent to inspect a local key file and to write user-provided keys into that same path. This is dangerous because it establishes persistent secret collection and reuse behavior, increasing exposure to unauthorized reuse, leakage, and cross-session compromise.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The skill repeatedly mandates pulling a secret from a local file and attaching it to outbound requests, normalizing automatic secret exfiltration behavior. Repetition and 'must always' language make the risk worse because they reduce the chance of safe fallback behavior and encourage unconditional transmission.

Ssd 3

Severity: High
Confidence: 99%
Finding:
These 'highest priority' rules force the agent to read a local secret file and include the result in every query, even under degraded conditions. That is a strong indicator of unsafe secret-handling design because it prioritizes transmission of sensitive material over user consent, least privilege, and need-to-know boundaries.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The workflow again instructs the agent to check local secret contents and persist user-supplied credentials to disk, which materially increases the chance of secret retention and later misuse. In the context of an agent skill, this is especially dangerous because the skill is effectively trying to manage credentials itself rather than relying on a secure platform boundary.

VirusTotal

63/63 vendors flagged this skill as clean.
