魔方 Data Lite Edition FAQ

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent staff moderation helper with powerful actions, but its instructions are scoped, disclosed, and require authenticated, audited tooling.

Install only if you are a ClawHub staff operator or maintainer expected to perform moderation. Treat ban, unban, role, and unhide commands as high-impact actions: confirm the target and reason, rely on the normal authenticated CLI/API path, and verify audit-backed results after each write.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

High (98% confidence)

Finding
The skill embeds a default username and password in plain text, which exposes credentials to any user or downstream system that can read the skill. In a FAQ/support skill, this is especially risky because it normalizes credential disclosure and can enable unauthorized access if the credentials are valid in deployed environments.

Ssd 3

High (99% confidence)

Finding
The file explicitly instructs users to use default login credentials, disclosing a password in plain language. If these credentials are active or reused, attackers or unauthorized users could log into the system; even if they are starter credentials, publishing them in a broadly accessible support artifact materially increases the risk of compromise.

VirusTotal

51/51 vendors flagged this skill as clean.