Fee Collection Management

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform its stated fee-collection job, but it handles sensitive billing data and can automatically send broad WeCom notifications without clear approval and storage controls.

Install only if you control the fee data source and WeCom webhook, understand which groups receive reminders, and can tolerate local report files being written. Before enabling automation, configure approved webhook destinations, verify group IDs, prefer a dry run or manual approval for bulk/@all sends, and define retention or deletion rules for generated reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill persists monthly collection reports to a fixed local path under the user's home directory, which expands its data handling beyond transient fee checking and message sending. Because the report contains business financial metrics and is written without access controls, encryption, or retention limits, it creates unnecessary local data exposure if the host is shared, backed up, or compromised.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The daily check routine automatically writes a daily report JSON file to local disk every run, creating a persistent record of overdue account activity. In a fee-collection context this data is operationally sensitive, and silent local storage increases the risk of unauthorized disclosure or compliance issues, especially since the manifest describes checking/reminders rather than local archival.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill automates reading customer fee data and sending collection notices, including group-triggered and mass-notification scenarios, but does not warn about privacy-sensitive financial information or the risks of broad disclosure. In this context, overdue amounts, company names, and payment status are sensitive business data that could be exposed to unintended recipients through automated reminders or @all escalation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Referencing a specific local Excel file containing customer fee records without an explicit data-protection notice signals direct access to sensitive financial and customer information with unclear safeguards. If mishandled, this can lead to unauthorized disclosure, accidental modification, or insecure storage and backup of the source data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This code sends automated messages directly to enterprise chat groups, including escalated '@all' reminders, without any approval gate, dry-run mode, recipient validation, or rate limiting in this file. If the upstream data is wrong or manipulated, the skill can spam internal groups, disclose customer delinquency information to unintended audiences, or trigger reputational and workflow harm at scale.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This code sends potentially sensitive billing and customer reminder content to an external WeCom webhook without any visible consent, disclosure, redaction, or data-classification checks. In this skill's context, the transmitted fields can include customer names, fee types, overdue days, amounts, and report contents, so undisclosed external transmission creates a real privacy and compliance risk.

External Transmission

Medium
Category
Data Exfiltration
Content
payload["text"]["mentioned_list"] = [chat_id]
        
        try:
            response = requests.post(
                self.webhook_url,
                json=payload,
                timeout=10
Confidence
91% confidence
Finding
requests.post( self.webhook_url, json=

External Transmission

Medium
Category
Data Exfiltration
Content
}
        
        try:
            response = requests.post(
                self.webhook_url,
                json=payload,
                timeout=10
Confidence
90% confidence
Finding
requests.post( self.webhook_url, json=

VirusTotal

65/65 vendors flagged this skill as clean.
