商品归类skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a real product-code lookup helper, but it collects phone numbers, stores them, and sends them with queries to an external FastGPT service over plain HTTP using bundled credentials.

Review carefully before installing. Use this only if you are comfortable sharing a mobile number and product queries with the configured FastGPT service, having that data stored locally in users.db, and relying on bundled service credentials. Prefer a version that removes bundled API keys, uses HTTPS, documents retention and deletion, and aligns SKILL.md with the actual reviewed entry point.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%

Finding: The skill pulls session identifiers from several platform-specific environment variables and falls back to a shared default session ID. This can cause cross-user data mixing, unexpected correlation of identities across platforms, and processing of identifiers beyond what is necessary for the stated function. The risk is amplified because the same session ID is used to retrieve/store phone numbers and pending questions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 86%

Finding: The skill is designed to send user phone numbers and product questions to three external agents for verification, registration, and querying, but no manifest or in-band notice justifies why this data must leave the local system. This creates a real privacy and data-handling risk because sensitive user data is disclosed to third-party services with unclear scope, retention, and access controls.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding: The README explicitly describes collecting, checking, registering, and locally storing users' phone numbers in SQLite by session, but provides no privacy notice, retention policy, consent flow, or handling safeguards. Phone numbers are personal data, and undocumented collection/storage increases the risk of privacy violations, regulatory noncompliance, and accidental exposure, especially because the workflow persists identifiers across sessions.

Vague Triggers

Severity: Medium
Confidence: 90%

Finding: The trigger description is broad enough that the skill may activate for loosely related product or classification queries, causing unnecessary script execution and expanding the scope of data sent to the local tool. In a skill that mandates running a local script and forbids simulation, overbroad activation increases the chance of unintended processing and privacy exposure.

Vague Triggers

Severity: Medium
Confidence: 93%

Finding: The mandatory activation rule says any question about 商品编码、商品归类、海关编码、HS编码、税号 (commodity code, commodity classification, customs code, HS code, tariff number) must use this skill, which is overly broad and removes agent discretion. Because the skill also requires execution of a specific script, ambiguous requests may be force-routed into tool execution even when the user did not clearly ask for customs classification.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding: The skill instructs the agent to collect a phone number if the script asks for it, but provides no privacy notice, purpose limitation, retention statement, or minimization guidance. This creates avoidable collection of personal data and could expose users to unnecessary sharing of sensitive contact information with a local script of unknown behavior.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding: Phone numbers are transmitted to external agents for existence checks and registration, and product questions are sent externally, without any user-facing disclosure that their data will be shared. This is a genuine privacy vulnerability because users may provide personally identifiable information under the assumption it is handled locally, preventing informed consent and potentially violating policy or regulatory requirements.

VirusTotal

65/65 vendors flagged this skill as clean.