Service Matching

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because it can read a real tenant Excel ledger, save follow-up changes into it, and send tenant details to WeCom without strong approval or privacy controls.

Install only if you intend this skill to access the named Excel ledger, post tenant recommendations to a configured WeCom webhook, and update follow-up fields in the workbook. Before use, require approval before saves/sends, back up the workbook, restrict webhook destinations, and redact unnecessary tenant/contact details. VirusTotal and the static scan were clean; the Review verdict comes from the skill's own high-impact data handling instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill is presented as an analysis/recommendation tool, but it also modifies and saves the source Excel ledger by writing follow-up status, timestamps, and notes. Hidden state-changing behavior is dangerous because users may trigger what they believe is read-only analysis while actually altering business records, which can corrupt data, create unauthorized audit entries, or be abused to tamper with tenant service history.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill reads tenant and customer data from a real Excel ledger and pushes recommendation content to WeCom via webhook, but it provides no explicit privacy notice, data-minimization guidance, or controls around external sharing. This is dangerous because the data includes identifiable business and contact information, and transmitting it to an external messaging endpoint can cause unauthorized disclosure, compliance violations, or accidental leakage if the webhook is misconfigured or exposed.

Missing User Warnings

Medium
Confidence: 91%
Finding
The markdown does not warn users that follow-up tracking writes back into and saves the source Excel workbook. This omission is dangerous because users may unknowingly trigger persistent modification of a production ledger, causing integrity issues, accidental overwrites, and operational disputes over who changed records and when.

VirusTotal

65/65 vendors flagged this skill as clean.