泛微 e-office v11 collaborative office (OA) system OpenAPI

Security checks across malware telemetry and agentic risk

Overview

This is a real-looking e-office integration, but it gives an agent broad power over enterprise OA accounts and data without enough safeguards around destructive actions.

Install only if you deliberately want an agent to operate your e-office OA system. Use a dedicated least-privilege OA application, restrict the OA whitelist and configured base URL, avoid admin credentials unless necessary, protect the secret configuration, and require human confirmation plus audit logging for all create, edit, delete, approval, upload, and bulk actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares use of sensitive capabilities through environment variables and network access, but does not explicitly declare permissions. This reduces transparency and can bypass user expectations about what the skill can access and transmit, especially since it uses credentials and sends authenticated requests to an external OA system.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly advertises destructive capabilities such as editing and deleting users, but provides no warning about authorization boundaries, approval requirements, confirmation prompts, or audit expectations. In an agent-integrated skill, normalizing destructive admin actions via natural language increases the risk of accidental or unauthorized identity-management changes.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The configuration section instructs users to place sensitive values such as EOFFICE_SECRET directly into config or environment files without any warning about secret storage, redaction, rotation, or avoiding commits. This can lead to credential leakage through source control, logs, screenshots, or shared deployment artifacts.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are very broad, including phrases like "any task needing OA operations". Overbroad activation can cause the agent to invoke this skill in ambiguous contexts and perform high-impact enterprise actions against internal systems without sufficiently deliberate user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents creation, modification, and deletion of user accounts but does not require explicit warnings, confirmations, or safeguards around destructive changes. In an enterprise OA context, these actions can disrupt access control, disable employees, or alter organizational data if triggered accidentally or through prompt manipulation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Printing a live access token directly to stdout can leak credentials into terminal scrollback, shell pipelines, CI logs, or calling process logs. In a skill context, this is more dangerous because agent frameworks often capture stdout programmatically, increasing the chance that the token is persisted or exposed beyond the intended recipient.

VirusTotal

64/64 vendors flagged this skill as clean.
